When Is A Block Cipher Not A Block Cipher?

When Is A Block Cipher Not A Block Cipher?

Ask most people about whether AES is a block cipher or a stream cipher, and they will typically say that it’s a block cipher. But that’s not quite true, as some of the AES modes implement with a 128-bit block, while other methods implement a stream cipher. The block cipher modes are then ECB (Electronic Code Book) and CBC (Cipher Block Chaining). These modes then require padding, in order to make sure that we fill up all the blocks. A standard padding method is CMS (Cryptographic Message Syntax), and which fill the last block with the value for the number of missing bytes. For example, if we have “hello”, we have:

68656c6c6f0b0b0b0b0b0b0b0b0b0b0b 
[https://repl.it/@billbuchanan/padding]

and where 0x68 is an ‘a’. With ECB, we do not use salt, so we get the same cipher for the same plaintext and the same key:

The other method we have for a block cipher is CBC (Cipher Block Chaining) and which adds a 64-bit salt value to the cipher process. We then store the salt with the cipher so that it can be used in the decryption process:

But there are stream cipher modes, and which do not require padding. These include OFB (Output Feedback Block) and CTR (Counter). With OFB, we have a salt value that is added, and which changes the ciphertext for the same key and plaintext:

But what if we need to process the stream in parallel, then we can use the counter mode, and where each block processed has a counter value? The following implements CTR mode:

One thing that is important is that the counter value must not repeat within a reasonable amount of time, as it will be a trivial task to crack the ciphertext. So, here a few demos:

Overall stream ciphers are often faster than block ciphers, and they do not need padding added. If you are interested, here is GCM (Galois Counter Mode) and which is also a stream cipher, and builds on CTR mode but contains an Message Authentication Code (MAC):

and in Golang: