# Block Ciphers
Okay, so we've covered a lot of ways to encrypt messages, from basic and pretty insecure ciphers like the Caesar shift to shifts that are generally very secure [**] ~~and somewhat confusing~~ like RSA. Each one has its advantages and insecurities that can make them easy to exploit. At this point, you're probably wondering, "Well, what the heck is the most secure one out there?" Turns out, if you google "most secure encryption algorithm," an overwhelming majority number of sites state that it is AES-256, a type of block cipher. What is that? Well, hush hush! You'll find out in a few minutes 🤓
[comment]: <> (OMG AES so cool)
## Some Vocab!
- **Mode of Operation:** How a block cipher is applied to an amount of data which exceeds a block's size
- **Initialization Vector (IV):** A sequence of bytes which is used to randomize encryption even if the same plaintext is encrypted. Also called a "nonce."
- **Padding:** ensures that the block sizes all line up and ensure the last block fits the block cipher
- **Keystream:** A stream of random or pseudorandom characters that are combined with a plaintext message to produce an encrypted message using XOR.
## The Basics
### What is a block cipher?
Exactly what it sounds like! A **block cipher** is an encryption algorithm that encrypts data block-by-block, each of which have a fixed length. Remember those functions from math? That and a block cipher are pretty much the same; you can feed a block of plaintext into a block cipher, and it will output a block of ciphertext generated by some encryption key and process.
## Feistel Structure
This is used to generate many block ciphers. There are three basic steps used in Feistel ciphers:
1. Divide plaintext into blocks of a certain fixed length (padded of course, you don't want a mistake as costly as "the world wonders")
2. For each block, do the following:
a. Divide block into two halves
b. Perform some function on one half (usually right half)
c. XOR result with other half
d. Repeat 2a-2c for specified number of rounds
3. Repeat step 2 for all blocks
That certainly looks confusing and definitely sounded even more confusing when I said that, right? Here's a helpful visual!
### S-Box and P-Box
We need to understand what these two terms mean before we can go onto the real meat of AES and DES.
An **S-box** is a substitution table used for performing a nonlinear substitution during the encryption process. This typically incorporates *Shannon's property of confusion*, meaning that the connections between the key and the ciphertext are blurred. There is no guarantee the input and output of an S-box will be the same length.
A **P-box** is a permutation table used for permutating bits across inputs of S-boxes. P-boxes mainly are used to obscure any patterns in the plaintext (i.e. "Hello, Diana! Diana, hello!" would certainly not be reflected in a ABBA format after the blocks are put through a P-box). P-box algorithms are linear.
A **substitution-permutation network (SPN)** takes a block of the plaintext and the key as inputs and applies several alternating rounds consisting of a substitution stage (S-box implementation) followed by a permutation stage (P-box implementation) to produce each block of ciphertext output.The non-linear substitution stage mixes the key bits with those of the plaintext, creating Shannon's confusion. The linear permutation stage then dissipates redundancies, creating diffusion.
Now to the part we've all been waiting for...
## DES and AES
Huzzah! We've reached the last and definitely most interesting part of this whole thing.
### Data Encryption Standard (DES):
Remember the Feistel system I went over a little while ago? DES uses a 16-round feistel structure (expansion -> key mixing -> S-box -> P-box).
Unfortunately, we don't really use this anymore because it's easy to break DES. There are a few ways to break it, but the main reason why DES faded away was brute-force attacking. You just have to try every key combination possible until the right one is found. You can then break the cipher and access the plaintext. The number of possibilities is determined by the keys size in bits. Since DES only uses a 64 bit key, the number of combinations is rather small and your typical PC can break it in a few days. Of course, us cryptographers upgraded to the bigger and better version.
## Advanced Encryption Standard (AES):
This is the most secure cipher of all ciphers! It works similarly to DES, but there are a couple differences.
1. **Key Size.** AES can go up to 256 bits, making key mixing that much better. Hence, AES-**256**.
2. **Blocking.** DES divides the plaintext block into two halves, but AES is able to operate on the entire block due to its increased block size
3. **SPN.** AES uses an SPN, while DES uses just a simpler 16-round Feistel structure. Because of the asymmetric structure of AES, it is harder to break.
AES can use 10, 12, or 14 rounds (substitution (S-box) -> transposition (P-box) -> mixing -> key mixing). It's a super complicated process. Fun fact: the right quantum computer would take 2.29*10^32 years to break AES-256. So yeah, it's virtually unbreakable and there's not a point trying to figure out how to break it.
## Block Cipher Modes
**Electronic Codebook:** Applying cipher to each block. Easy peasy! But the problem is that the same block of text will encrypt to the same thing, so not helpful. :(
**Cipher Block Chaining (CBC):** Each block gets XORed with the previous block. Sounds interesting, right? Yep, in a bad way. The problem with CBC is that it's **malleable**, meaning that ciphertext can be converted into different ciphertext, which can then be decrypted and the original plaintext is spat out.
**Counter (CTR):** This encrypts a nonce and a counter. The counter can be any function which produces a sequence which is guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and used most often.
## AES Module Stuff!
https://pycryptodome.readthedocs.io/en/latest/src/cipher/aes.html
This has a lot of good stuff :) it just might help with solving the challenges, so I would take a look at it. Just kidding, let's go through it.
## GO DO THE CHALLENGES!
Sign in with Wallet
Connect another wallet