Stream and Block Ciphers – SY0-601 CompTIA Security+ : 2.8

We use stream and block ciphers to efficiently protect our important data. In this video, you’ll learn about stream cipher methods and block cipher modes of operation.

When you want to encrypt some information, there are a number of different techniques you can use to take something that is plaintext and turn it into ciphertext. One way is to perform a stream cipher. And the other one is to use a block cipher. With stream ciphers, we are encrypting one byte at a time. So we will take our plaintext, we’ll grab the first byte, we’ll encrypt that byte, and we’ll store the encrypted information. Then we’ll take the second byte and we’ll encrypt that byte and store that second byte and so on.

This allows us to encrypt very quickly because we can do this one byte at a time instead of using larger groups of data to encrypt at a single time. This also means that we would not need as complex a hardware or CPU infrastructure to be able to encrypt just a single byte of information. You often see stream ciphers used with symmetric encryption where there is a single key that’s used for encryption. And that same key is used for decryption. You don’t often see asymmetric encryption used in these stream ciphers because of the overhead and additional time it takes to be able to encrypt and decrypt with asymmetric encryption.

One of the challenges you have with stream ciphers is you don’t know what’s coming later in the stream until you get to that particular byte. And that means randomization of this data could be challenging, especially if multiple bytes are input into the stream that are identical. You end up with identical bytes on the encrypted side. So there’s often an initialization vector, or IV, that is added to the stream cipher to add some randomization to the encryption process.

As the name implies, a block cipher is encrypting a fixed length block of information at a time. So instead of taking a single byte, it will take a block of bytes and encrypt that entire block at one time. We usually will see this with 64-bit or 128-bit blocks. And if the input into this block cipher doesn’t match 64 or 128 bits, we’ll often add padding onto that to fill in any of those short blocks. Like stream ciphers, block ciphers also commonly use symmetric encryption so that they can encrypt as quickly as possible with a minimum of overhead.

There are many different ways to encrypt a block of information, and we call these different methods modes of operation. In this video, I’ll give you an overview of a number of different modes so that you can see the differences between these different modes of operation for block ciphers. For each of these modes of operation, it’s a similar type of input. We need a block of data. And it’s a standard sized block of data for each of these modes.

We’re also going to have a specialized form of encryption that differs depending on the mode of operation. The method used for encryption for one mode of operation is often quite different than the method used in another mode of operation. These block ciphers will start by taking data and splitting them into smaller fixed length blocks. If you do end up with a block at the end that does not fill in the entire length of that block, we’ll often use padding just before the encryption process.

One of the simplest modes of operation for block ciphers is ECB, or electronic codebook. This is going to use a single encryption key and perform exactly the same encryption for every block in the series. For example, we’ll start with some plain text, we’ll use our symmetric key to be able to encrypt that data, and we’ll end with some ciphertext. Then we’ll grab the second block of information, we’ll perform the same encryption using the same encryption key, and we’ll have some ciphertext as the output.

Then we’ll grab another block of information, perform exactly the same encryption with the same key, and we have some ciphertext in the output. And we will continue that process all the way through the file until we have encrypted all of the blocks of that file. Each block is encrypted exactly the same way. So if the input is identical, then the output will be identical for every block. Let’s take an example of this where we have an image. And we would like to perform an electronic codebook encryption of that image.

So we’ll take one block at a time from this entire view. If there’s no randomization, or no salt added to this encryption process, we would end up with output that looks just like this. And although this ciphertext is not identical to the original plaintext, it’s still close enough that we could tell what the plaintext was originally.

This is one of the reasons why electronic codebook may not be the best block cipher to use in all scenarios. Another common mode of operation is CBC, or Cipher Block Chaining. Cipher block chaining adds some randomization, which gets around a number of the problems we saw with electronic code book. Each block is XORed with the previous ciphertext block. That means that we perform a different set of input and output to that data to add some randomization.

The XOR stands for Exclusive Or. And it means that if you input two bits that are identical, the output is zero. If you input two bits that are different, the output is a one. And this adds some randomization to the final result. This process usually starts with the first block, which is an IV, or initialization vector, that’s used instead of performing the XOR. This encryption process is very similar to the electronic codebook. We do have plaintext and we have a block cipher encryption with a symmetric key. And then we have the ciphertext output.

But just before the encryption occurs, you’ll notice that we’re adding some additional data. This is our initialization vector, or IV, and this is going to add additional randomization to the final ciphertext. On the second block of data, we’re going to use the resulting ciphertext as the initialization vector for the next block. So you can see by adding this additional randomization to the encryption process, our ciphertext will be different every time even if the plaintext is identical.

Another common type of block cipher mode is the counter mode, or CTR. Counter mode uses an incremental counter to be able to add randomization to the encryption process. With counter mode, we start with the incremental counter and then we encrypt that counter with the block cipher encryption. After that encryption has been done, we will perform the exclusive or to the plain text to finally create the ciphertext.

Instead of using the results of this encryption on the next block, we’ll instead simply increment the counter and then perform exactly the same encryption with the next block of plaintext to create the next set of ciphertext. These modes of operation can not only provide encryption but can also provide authentication. A good example of this is GCM, or the Galois Counter Mode, which combines counter mode with Galois authentication. This provides us with a way to not only encrypt data very quickly but make sure that we can authenticate where the data came from.

This is commonly used in wireless connectivity, IPsec communication, and if you’re connecting to a server using SSH or TLS, then you’re probably using Galois Counter Mode.