One way of encrypting
data is encrypting a block
of information at a time.
We would take a single
piece of information
and we would cut it into
these single-sized blocks.
And then perform encryption
on a single block at a time.
This encryption that
we would perform
can be done in many
different kinds of ways.
We call this a
mode of operation.
And it defines how that
encryption process will occur.
Although this encryption process
is using the same size blocks
during the encryption
process, your data
may not fall perfectly into
that particular block size.
If the particular mode of
operation that you're using
requires a fixed
block size, that it's
very common to pad
the data that you've
added to come to the
exact size that's
required for that
encryption mode.
One of the simplest
modes of operation
is called ECB, or
Electronic Codebook.
This mode of
operation is so simple
that it's not commonly
used for most use
cases that require encryption.
Each block that we're
going to encrypt
is going to be encrypted
with exactly the same key.
With ECB, we start with
a block of plain text,
and we have our key.
We put both of those into
the block cipher encryption
and we receive some ciphertext.
We take the next
block of information
and we perform exactly
the same function
with exactly the same key.
One of the challenges
with ECB is
that if we do have blocks of
plain text that are identical,
our key is obviously identical
between all of these,
and the block cipher
encryption process
is the same, which
means that ciphertext
at the end of these three
identical plaintext blocks
will also be identical
to each other.
If we were to look
at this visually
we would see, for
example, a picture
that I might want to encrypt.
And if I encrypt this using
ECB, Electronic Codebook,
without any other type of
randomization for each block,
you'll see that it becomes
very easy to discern
exactly what it was
that I originally
was trying to encrypt.
A popular mode of
operation that's
relatively easy to implement is
CBC, or Cipher Block Chaining.
With Cipher Block Chaining,
we add some randomization
into the block cipher process.
We take each
plaintext block and we
XOR it with the previous
ciphertext block
that we created.
This is adding the
randomization that we
didn't have with our Electronic
Codebook mode of operation.
We obviously don't have
ciphertext for the first block
that we're using.
So we'll use an IV, or
initialization vector,
to be able to add randomization
for the very first block
that we encrypt.
The process for
Cipher Block Chaining
isn't much more complicated
than the Electronic Codebook.
But we add the randomization
with the initialization vector
that is XORed with
the plaintext block.
That's then added to the block
cipher encryption with our key
and we receive the final
ciphertext of that block.
For the second block
that we need to encrypt,
instead of using the
initialization vector
we'll take the ciphertext
that we just encrypted
and use that as the XOR
to add more randomisation.
That's then added to the
Cipher Block Chaining.
We'll add our key and receive
the next block of ciphertext,
and so on.
With these previous
modes of operation
there were fixed-size blocks.
But what if you were
streaming information
and you never had a block
worth of information
to be able to encrypt
at any particular time?
For that type of
encryption, we may
want to use the CTR mode, or
the Counter Mode, of encryption.
This is a block cipher mode
that acts like a stream cipher.
This mode uses a
fixed-sized counter
that takes the place of
the fixed information
and then we can add
any particular size
we'd like of the
information to be encrypted.
Instead of using a 128-bit
block, for example,
we could encrypt
eight bits at a time.
This starts with a counter.
Then we can start this
counter at zero, or any number
that you would like.
We would encrypt this using
our key in Counter Mode.
We would XOR the result
with our plaintext block
to create the ciphertext.
We would perform the same
function on the next block
but we're going to increase
the counter by one.
We're going to encrypt that
using our counter encryption
mode with our key.
And then we'll take
our plaintext block
and XOR those results to
get the final ciphertext.
For subsequent blocks
we will continue
to increment that counter.
And that's also providing
the randomization
that we need if any of
our plaintext blocks
happen to be identical.
If you need to combine
authentication with these block
mode encryption methods, you
can use GCM, or Galois Counter
Mode.
This combines the
Counter Mode that we just
saw with some additional
functions that
were created by Evariste
Galois, the mathematician.
One of the advantages of
the GCM mode of operation
is that we're able to
provide both encryption
and authentication
at the same time.
And we're able to do this with
a minimum amount of latency
and a minimum
operational overhead.
Because of this efficiency,
it's common to see GCM being
used for network communication.
You'll see this on
wireless networks
and IPsec encrypted tunnels.
And it's commonly used for
encryption to a web server
using SSH or TLS.
