The core building block of cryptography is the cipher. A cipher is the algorithm used to transform plaintext information into encrypted information (and hopefully back again) to protect it. Fundamentally, there are two families of ciphers to understand. Rather than a comprehensive review of both, let’s look at them briefly to build a common framework upon which we can build.

## Block ciphers

A block cipher is an algorithm that operates on plaintext data one *block* of fixed size at a time. The way these blocks are linked together is based on the mode of operation of the cipher algorithm.

AES is by far the most commonly used and well understood block cipher in modern cryptography. This algorithm works on blocks of 128 bits of data (16 characters) at a time. The keys available are either 128, 192, or 256 bits – a longer key provides greater security for encrypted data.

With AES in particular, as with many other block ciphers, there are several modes in which the algorithm can operate. The easiest is electronic codebook (ECB) mode. In this mode, every block can be encrypted or decrypted individually. Unfortunately, this means the same 16-character chunk of plaintext will *always* produce the same ciphertext.

In cipher block chaining (CBC) mode, each block is mixed into the bytestream of every subsequent block, making it impossible to decrypt any particular block without decrypting the block that comes after it. While this might seem a disadvantage for the algorithm, it actually improves security. CBC is a major improvement upon EBC mode as, in the easier mode, extracting information from the ciphertext is potentially trivial.

One final mode to understand is a counter mode. In various counter modes, each block has a distinct ID that is used, along with the encryption algorithm, to produce a unique ciphertext for every block regardless of the contents. This presents the utility of ECB mode (each block can be encrypted or decrypted individually) without the flaws (leaking information about the plaintext).

## Stream ciphers

A stream cipher is somewhat different in that it combines a given plaintext with a pseudorandom stream derived from a key. This biggest advantage of a stream cipher is the ability to decrypt any section of a large, encrypted payload without needing to decrypt the rest of the data.

In fact, block ciphers can be used as stream ciphers. Rather than being used *directly* to encrypt a message, a block cipher can generate a string of pseudorandom bytes of any length (essentially encrypting a message consisting of infinite `0`

s). A stream cipher would then combine this pseudorandom *keystream* with the plaintext message using `XOR`

operations on each byte.

The impact is that stream ciphers are effectively running key ciphers where the key is derived from a well-defined algorithm.

While AES can be used to generate a keystream (with some arguing that it can be used as a stream cipher), the most widely-used stream cipher today is ChaCha20, a variant of the Salsa20 algorithm. This algorithm lies at the heart of modern HTTP, TLS, and even VPN tools like Wireguard.