cipher block chaining (CBC)

What is cipher block chaining?

Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block. Cipher block chaining uses what is known as an initialization vector (IV) of a certain length. By using this along with a single encryption key, organizations and individuals can safely encrypt and decrypt large amounts of plaintext.

One of CBC's key characteristics is that it uses a chaining process that causes the decryption of a block of ciphertext to depend on all the preceding ciphertext blocks. As a result, the entire validity of all preceding blocks is contained in the previous, adjacent ciphertext block. A single bit error in a ciphertext block affects the decryption of all subsequent blocks. Rearrangement of the order of the ciphertext blocks, for example, can cause the decryption process to become corrupted.

Essentially, in cipher block chaining, each plaintext block is XORed (numerically combined) with the previous ciphertext block and then encrypted. An XOR is a coding mechanism used to combine different inputs. It is used in this case to facilitate the combination of plaintext blocks and encryption keys. The process repeats itself until all plaintext blocks have been successfully turned into ciphertext blocks.

how cryptography works
Cipher block chaining is a cryptographic method used for turning plaintext into ciphertext and back again.

How does cipher block chaining work?

Cipher block chaining is a process used to encrypt and decrypt large plaintext inputs by creating a cryptographic chain wherein each ciphertext block is dependent on the last.

The first step to initiating a cipher block chain is to XOR the first of many plaintext blocks with an IV -- a unique, fixed-length conversion function -- to create a random, or pseudorandom, output. This XOR output is then encrypted using a cipher key to produce a ciphertext block, an encrypted text format that can be decrypted with the correct key.

For example, after the first plaintext block has been transformed into a ciphertext block, the subsequent plaintext block must be encrypted using a similar process. The only difference, however, is that the ciphertext block replaces the IV as one of the XOR inputs. This means that the encryption of the plaintext block after the first one is dependent on the encryption of the first plaintext block. With each plaintext block encryption, the adjacent ciphertext block must be used -- like a chain. Therefore, the second ciphertext block is produced by XORing the first ciphertext block with the second plaintext block and using the same encryption key. This process would repeat itself until there is no more plaintext left to encrypt.

The CBC decryption process works in a similar but distinct way. Contrary to similar decryption methods, the process does not start with the final ciphertext block. In fact, it can all happen simultaneously because all inputs are present.

To invert the cipher block chaining procedure, one must essentially reverse the encryption process. To do that, one must first feed the first ciphertext block through the decryption process. This involves using the same encryption key as before but on the ciphertext block. The product of this interaction is then XORed with the original IV to extract the original plaintext block. While similar, decrypting the second ciphertext block is different from decrypting the first one because an IV cannot be used.

After combining the second ciphertext block with the cipher key, the output is XORed with the first ciphertext block to produce the second plaintext block. In this case, the previous ciphertext block replaces the IV during the decryption process. Remember, this is how the second ciphertext block was originally created; the second plaintext block and the first ciphertext block were XORed together. The process is complete once all ciphertexts have been successfully decrypted into plaintext.

Identical ciphertext blocks can only be produced if the same plaintext block is encrypted using the same key, IV and ciphertext block order. Ideally, the IV should be different for any two messages encrypted with the same key. Patterns like this can make it that much easier for malicious hackers or cybercriminals to decrypt a series of responses because the decryption is more predictable. Though the IV doesn't need to be a secret, some applications, such as security consultancy, may find this desirable.

how encryption works
Cipher block chaining is a mode of encryption that encrypts plaintext into unreadable ciphertext.

The advantages of cipher block chaining

Cipher block chaining is one of the most used methods for encrypting large messages. As the more secure successor of electronic codebook (ECB) -- the easiest block cipher mode of functioning -- CBC can reliably encrypt large plaintext inputs but at a slower pace than some parallel encryption algorithms.

Here are some advantages to cipher block chaining.

Identical blocks do not share the same cipher

CBC has the advantage over the ECB mode in that the XORing process hides plaintext patterns. Even if the first plaintext block and third plaintext block were the exact same segment of plaintext, it is highly unlikely that the first ciphertext block and third ciphertext block would be the same. Essentially, this means that two identical pieces of plaintext, when encrypted, should not produce identical, or even similar, results. The only reason why it is not impossible is that there is a minuscule chance that XORing the second ciphertext block and the third plaintext block produces the same product as XORing the first plaintext block with the IV.

Better security

Because cipher block chaining relies on using previous ciphertext blocks to encrypt subsequent plaintext blocks, hackers and decryptors must have all ciphertext blocks available in order to successfully decrypt entire CBC outputs. This multistep encryption mechanism makes it difficult to deconstruct, thereby increasing the security of the messages it is trying to encrypt.

In a way, CBC is an example of effective challenge-response authentication. A user or group that requires access to a certain set of documents must be able to present the necessary ciphertext blocks to successfully decrypt the entire message or text.

The disadvantages of cipher block chaining

As effective as cipher block chaining is in securing large amounts of plaintext, it does have its challenges, especially when it comes to speed and convenience.

Not tolerant of block losses

While distinct ciphertext blocks are extremely useful in terms of encryption strength, they can be a detriment in terms of decryption reliability. If one or more of the ciphertext blocks becomes lost, damaged or corrupted, a user won't be able to perform a complete decryption. While this can be a minimal inconvenience and rarely happens, it does force agencies to employ secure storage systems to retain all ciphertext data.

Parallel CBC encryption is not possible

Due to the recursive nature of CBC's encryption process, it is impossible to simultaneously encrypt all plaintext inputs using cipher block chaining. Without having collected all previous ciphertext blocks, a user cannot achieve parallel encryption because each plaintext block encryption is dependent on the last. The order is so important that, if it were switched during the CBC encryption process, it would result in a completely different set of ciphertext blocks.

This was last updated in May 2021

Continue Reading About cipher block chaining (CBC)

Dig Deeper on Data security and privacy

Enterprise Desktop
Cloud Computing