Hi there. So the first building block of cryptography that we'd like to talk about are block ciphers and block ciphers are basically an algorithm where you use it to take a plaintext message. So something that you want to keep secret and you put it through the block cipher and get out the cipher text output. So cipher-text is the plaintext message all jumbled up so no one but you can read it if you have the private key and the decryption algorithm, and that will be the focus for this lesson. After this lesson, you will be able to explain what a block cipher is and the types of block cipher modes of operation. Let's dive in. Block ciphers come in specific bit length sizes. So for example, a block cipher of a 128 bits or 256 bits size. We can encrypt a message having at most the same bit length as a block cipher. When we use the term 'block' we mean a fixed length group of bits. This is what is called a block, a fixed length group of bits. With that said, the ciphertext output, given a private key and a plaintext message should have no relationship to the plaintext message input. This means that you should not be able to see any sort of relational or a pattern that maps back to the plaintext message. Now, with the introduction completed, we can think about a first stab at using a block cipher and the way I'm going to show you now how one would start off with using a block cipher. This method is just a way for you to get a feel for what it is that the block cipher is doing. What I'm talking about here, this method right now, is called ECB mode. This is a mode of operation for using a block cipher, but don't encrypt your data in this way that I'm about to show you. This is because you will be able to see a pattern in the ciphertext if the original message has a regular pattern and this can leak information. With that said, to get an instinct for how block ciphers are used, we can look at this example. Say you had a message and a message is a set of bits of ones and zeros. Let's assume that that length of this message, that set of bits, its length is divisible by one length of a block cipher. So what we go on and do is we chop up this total size of message length into little pieces with a length of the block cipher size. So here we have the message chopped up into those little pieces with one piece each being equal to the block size. Now, given a private key, what we could do for one operation is to take one block of the message and feed it into the block cipher given a private key and have as output some ciphertext which has the same number of bits as the block cipher and the message block. Now we do the same operation with the same private key. We take the next block of that message and we use that as input into the block cipher and we get out another ciphertext block with the same number of bits as the block cipher and the message block. We continue this operation until we no longer have any message blocks to encrypt and we take the set of cipher text blocks and we concatenate them into one giant ciphertext block as seen here. Now again this is called ECB mode. Do not do this. There is a better way to encrypt and we'll talk about that next. But with this explanation you might be wondering what happens if the message that we are wanting to encrypt is not divisible evenly by one block cipher size? What we do is, we use block ciphers in different block cipher modes and I'm going to talk about that next. Block cipher modes are what we use when we need to encrypt a message that isn't evenly divisible by a block size. What you need to do is, you need to pad the total message with some zero bits. In other words, you pad it with some extra bits such that the total message length then becomes evenly divisible by one block cipher size. So effectively, you pad it with a set of zero bits so it doesn't change the meaning. Then you perform the encryption in CBC mode for example. This is what's done. Now you can use a block cipher as a stream cipher so that you don't have to pad it with extra bits and you can do this using the mode called CTR mode. CTR mode requires the use of something called a nonce. A nonce is a number that you use only once, and it adds a randomization to the resulting ciphertext. But according to Ferguson, Schneier and Kohno, CTR is only good if you can guarantee that that nonce is always unique. Now, I mentioned CBC cipher mode earlier. We're going to take a look at that in a little bit more detail. As I mentioned earlier, there are several different ways or block cipher modes that you can use in order to use a block cipher and we touched upon the ECB mode, which is just going and encrypting each divisible block-by-block cipher and getting the ciphertext out. Remember, do not use ECB mode. Now you can also use OFB or CTR and also, CBC is another way of using a block cipher. We're going to concentrate on the CBC mode in this lecture because it's the one that's currently recommended. In general, the way CBC mode works is that when you have plaintext, you XOR it with the previous ciphertext result and use that XOR result as input to the block cipher algorithm given a private key, and you get the resulting ciphertext out. You keep doing this process until you have no more message blocks to encrypt. So if we look at this a little further, the name of the game is to randomize the plaintext message using the previous ciphertext block as I had mentioned earlier. You would do this by XORing or performing an XOR operation with a plaintext message and a previous ciphertext result. So in a little bit more detail, what ends up happening is, if you imagine the plaintext message as one giant set of bits, then we chop up that set of bits into smaller bit groups that are the same size as the block cipher block size. As you see here the plaintext here has already been chopped up into the same size as the block cipher block size. Now again, what happens is, the ciphertexts from the previous operation is used as input to the XOR operation between itself and the current plaintext block that we want to encrypt and we take that result and we put it into the block cipher encryption algorithm. Then given the private key, we run that block cipher encryption algorithm and out comes ciphertext. Then we use that ciphertext as input into the XOR operation for the next block that we want to encrypt. But now you must be asking, what happens to the very first block? There is no previous ciphertext to XOR it with. What we would need to do is use something called an initialization vector. The initialization vector or also known as IV, is a set of bits that has the same bit length as the block cipher block size that we use to XOR the very first plaintext block with, and that is what we're able to get in order to randomize the first plaintext block. So that's what initialization vector does and what's suggested is to use a random initialization vector. According to Ferguson, Schneier and Kohno, the block cipher mode to use is CBC block cipher mode with a random IV. Now, to take this a step further, let's look at this from a higher level perspective. In summary, before you start an encryption session, you need a private key, a plaintext message, and some encryption algorithm that is set to a specific cipher mode and the resulting output of this encryption algorithm is a ciphertext message that you need to send to whomever you want to send this message to, so the receiver. What's recommended by Ferguson et al is the encryption algorithm called AES with a 256 bit block size in CBC mode with a random IV.