Block size (cryptography)
Encyclopedia
In modern cryptography
, symmetric key cipher
s are generally divided into stream cipher
s and block cipher
s. Block cipher
s operate on a fixed length string of bit
s. The length of this bit string is the block size. Both the input (plaintext
) and output (ciphertext
) are the same length; the output cannot be shorter than the input — this follows logically from the Pigeonhole principle and the fact that the cipher must be reversible — and it is undesirable for the output to be longer than the input.
Until the announcement of NIST's AES contest
, the majority of block ciphers followed the example of the DES
in using a block size of 64 bits (8 byte
s). However the Birthday paradox tells us that after accumulating a number of blocks equal to the square root
of the total number possible, there will be an approximately 50% chance of two or more being the same, which would start to leak information about the message contents. Thus even when used with a proper encryption mode
(e.g. CBC or OFB), only 232 x 8 B = 32 GB of data can be safely sent under one key. In practice a greater margin of security is desired, restricting a single key to the encryption of much less data - say a few hundred megabytes. Once that seemed like a fair amount of data, but today it is easily exceeded. If the cipher mode
does not properly randomise the input, the limit is even lower.
Consequently AES candidates were required to support a block length of 128 bits (16 bytes). This should be acceptable for up to 264 x 16 B = 256 Exabyte
s of data, and should suffice for quite a few years to come. The winner of the AES contest, Rijndael, supports block and key sizes of 128, 192, and 256 bits, but in AES the block size is always 128 bits. The extra block sizes were not adopted by the AES
standard.
Many block ciphers, such as RC5
, support a variable block size. The Luby-Rackoff
construction and the Outerbridge construction can both increase the effective block size of a cipher.
Joan Daemen
's 3-Way
and BaseKing
have unusual block sizes of 96 and 192 bits, respectively.
There are techniques for creating ciphers on unusual or fractional block sizes (i.e. domains whose size is not a power of two); see Format-Preserving Encryption
.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, symmetric key cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
s are generally divided into stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
s and block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
s. Block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
s operate on a fixed length string of bit
Bit
A bit is the basic unit of information in computing and telecommunications; it is the amount of information stored by a digital device or other physical system that exists in one of two possible distinct states...
s. The length of this bit string is the block size. Both the input (plaintext
Plaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....
) and output (ciphertext
Ciphertext
In cryptography, ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher...
) are the same length; the output cannot be shorter than the input — this follows logically from the Pigeonhole principle and the fact that the cipher must be reversible — and it is undesirable for the output to be longer than the input.
Until the announcement of NIST's AES contest
Advanced Encryption Standard process
The Advanced Encryption Standard , the block cipher ratified as a standard by National Institute of Standards and Technology of the United States , was chosen using a process markedly more open and transparent than its predecessor, the aging Data Encryption Standard...
, the majority of block ciphers followed the example of the DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
in using a block size of 64 bits (8 byte
Byte
The byte is a unit of digital information in computing and telecommunications that most commonly consists of eight bits. Historically, a byte was the number of bits used to encode a single character of text in a computer and for this reason it is the basic addressable element in many computer...
s). However the Birthday paradox tells us that after accumulating a number of blocks equal to the square root
Square root
In mathematics, a square root of a number x is a number r such that r2 = x, or, in other words, a number r whose square is x...
of the total number possible, there will be an approximately 50% chance of two or more being the same, which would start to leak information about the message contents. Thus even when used with a proper encryption mode
Block cipher modes of operation
In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
(e.g. CBC or OFB), only 232 x 8 B = 32 GB of data can be safely sent under one key. In practice a greater margin of security is desired, restricting a single key to the encryption of much less data - say a few hundred megabytes. Once that seemed like a fair amount of data, but today it is easily exceeded. If the cipher mode
Block cipher modes of operation
In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
does not properly randomise the input, the limit is even lower.
Consequently AES candidates were required to support a block length of 128 bits (16 bytes). This should be acceptable for up to 264 x 16 B = 256 Exabyte
Exabyte
The exabyte is a unit of information or computer storage equal to one quintillion bytes . The unit symbol for the exabyte is EB...
s of data, and should suffice for quite a few years to come. The winner of the AES contest, Rijndael, supports block and key sizes of 128, 192, and 256 bits, but in AES the block size is always 128 bits. The extra block sizes were not adopted by the AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
standard.
Many block ciphers, such as RC5
RC5
In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code"...
, support a variable block size. The Luby-Rackoff
Feistel cipher
In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM ; it is also commonly known as a Feistel network. A large proportion of block...
construction and the Outerbridge construction can both increase the effective block size of a cipher.
Joan Daemen
Joan Daemen
Joan Daemen |Limburg]], Belgium) is a Belgian cryptographer and one of the designers of Rijndael, the Advanced Encryption Standard , together with Vincent Rijmen. He has also designed or co-designed the MMB, Square, SHARK, NOEKEON, 3-Way, and BaseKing block ciphers...
's 3-Way
3-Way
In cryptography, 3-Way is a block cipher designed in 1994 by Joan Daemen, who also designed Rijndael, the winner of NIST's Advanced Encryption Standard contest....
and BaseKing
BaseKing
In cryptography, BaseKing is a block cipher designed in 1994 by Joan Daemen. It is very closely related to 3-Way; indeed, the two are variants of the same general cipher technique....
have unusual block sizes of 96 and 192 bits, respectively.
There are techniques for creating ciphers on unusual or fractional block sizes (i.e. domains whose size is not a power of two); see Format-Preserving Encryption
Format-Preserving Encryption
In cryptography, format-preserving encryption refers to encrypting in such a way that the output is in the same format as the input . The meaning of "format" varies...
.