Definition

What is cipher block chaining (CBC)?

By

Rahul Awati

Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block. Cipher block chaining uses an initialization vector (IV) of a certain length. By using this with a single encryption key, organizations and individuals can safely encrypt and decrypt large amounts of plaintext.

A chart showing how cryptography works. — Cipher block chaining is a cryptographic method used for turning plaintext into ciphertext and back again.

CBC is a specific operational mode in encryption. In this mode, each plaintext block is exclusive-OR'd or XORed (numerically combined) with the previous ciphertext block and then encrypted. An XOR is a coding mechanism or binary function used to combine different inputs. In CBC, XOR facilitates the combination of plaintext blocks and encryption keys. The process repeats until all plaintext blocks are successfully turned into ciphertext blocks.

One of CBC's key characteristics is its use of a chaining process that causes the decryption of a block of ciphertext to depend on all the preceding ciphertext blocks. As a result, the entire validity of all preceding blocks is contained in the previous, adjacent ciphertext block. A single bit error in a ciphertext block affects the decryption of all subsequent blocks. Rearrangement of the order of the ciphertext blocks, for example, can cause the decryption process to become corrupted.

CBC is a commonly used legacy encryption mode.

A chart showing how encryption works. — Cipher block chaining is a mode of encryption that encrypts plaintext into unreadable ciphertext.

CBC's popularity stems from its simplicity and ease of implementation. There's a popular misconception, however, that CBC provides authenticity in encryption. This is not true, even though multiple blocks of plaintext get altered in a nontrivial manner when just a single bit of ciphertext is altered.

How does cipher block chaining work?

CBC is used to encrypt and decrypt large plaintext inputs by creating a cryptographic "chain" in which each ciphertext block is dependent on the last block. The use of the XOR binary function means that two bits are compared and the output altered with a third bit before the encryption key is applied. Also, the plaintext is divided into blocks, with the algorithm specifying the block size.

The first step to initiate a cipher block chain is to XOR the first of many plaintext blocks with an IV. A unique, fixed-length conversion function, the IV is used to create a random or pseudorandom output. It is the same size (length) as the cipher block and need not be secret. This XOR output is then encrypted using a cipher key to produce a ciphertext block, an encrypted text format that can be decrypted with the correct key.

After the first plaintext block is transformed into a ciphertext block, the subsequent plaintext block must be encrypted using a similar process. The only difference in these subsequent steps is that the ciphertext block replaces the IV as one of the XOR inputs. In other words, the encryption of the plaintext block after the first one is dependent on the encryption of the first plaintext block. With each plaintext block encryption, the adjacent ciphertext block must be used -- like a chain (hence the term "block chaining"). The second ciphertext block is produced by XORing the first ciphertext block with the second plaintext block and using the same encryption key. This process repeats until there is no more plaintext left to encrypt.

The CBC decryption process works in a similar but distinct way. In contrast to similar decryption methods, the process does not start with the final ciphertext block. It can all happen simultaneously because all inputs are present.

Inverting the CBC procedure requires reversing the encryption process by first feeding the first ciphertext block through the decryption process. This involves using the same encryption key as before but on the ciphertext block. The product of this interaction is then XORed with the original IV to extract the original plaintext block.

Decrypting the second ciphertext block is different from decrypting the first one because an IV cannot be used. After combining the second ciphertext block with the cipher key, the output is XORed with the first ciphertext block to produce the second plaintext block. The previous ciphertext block replaces the IV during decryption. This is how the second ciphertext block was originally created; the second plaintext block and the first ciphertext block were XORed together. The process is complete once all ciphertexts have been successfully decrypted into plaintext.

Identical ciphertext blocks can only be produced if the same plaintext block is encrypted using the same key, IV and ciphertext block order. Ideally, the IV should be different for any two messages encrypted with the same key. Patterns like this can make it that much easier for malicious hackers or cybercriminals to decrypt a series of responses because the decryption is more predictable. Though the IV doesn't need to be a secret, some applications, such as security consultancy, might find this desirable.

Electronic codebook vs. cipher block chaining

Both ECB and CBC are types of "block ciphers." These are encryption algorithms that take in a plaintext input of fixed bit size and produce a ciphertext of certain bit size for a given secret key. In both cipher types, the algorithm specifies the block size the plaintext will be divided into.

A key difference between the two ciphers is that CBC involves the use of an IV that is used for the first encryption. The use of the IV in CBC ensures that the first encrypted data block is random. It also destroys patterns in the resulting ciphertext and prevents identical plaintexts from encrypting to the same ciphertext. EBC does not use IV; rather the data is encrypted directly with the cipher. This is why patterns always exist in EBC, resulting in identical plaintext blocks always encrypting into identical ciphertext blocks. This quality of a direct relationship between plaintext and ciphertext makes EBC more prone to cryptanalysis. It also creates a potential for information leakage if the same plaintext block is encrypted more than once. This is why ECB cannot achieve privacy.

ECB offers one advantage over CBC: non-propagation of errors. With ECB, an error in a ciphertext block will only affect the decryption of that block. Subsequent blocks are not affected. Subsequent blocks are affected in CBC when an error occurs in a ciphertext block.

ECB is a faster encryption mode than CBC. It also supports parallel encryption of blocks. Parallel encryption is impossible with CBC since the encryption of every block requires a previous cipher (a serialization problem). Despite this drawback, CBC provides a more secure encryption mechanism than EBC, particularly for longer messages.

The advantages of cipher block chaining

CBC is among the most used methods for encrypting large messages. It is the more secure successor of ECB. In ECB, the plaintext is divided into blocks (the algorithm specifies size), and each block is encrypted into a ciphertext block. Since identical plaintext blocks always encrypt into the same ciphertext block using the same encryption key, ECB is not the most secure mode for encrypting messages longer than one block.

CBC eliminates the ECB security problem. This is because identical blocks do not share the same cipher. In CBC, the XORing process hides plaintext patterns. Even if two plaintext blocks were identical, they'd be unlikely to produce identical or even similar results when encrypted. There's only a minuscule chance that XORing the second and third ciphertext blocks would produce the same product as XORing the first plaintext block with the IV.

The other advantages of CBC include the following.

Reliable encryption performance for larger plaintext inputs. The generation of an IV the same size as the plaintext block and the use of the XOR function with the IV for the first plaintext block and, subsequently, with ciphertext blocks created from the previous plaintext blocks before encryption ensures more secure encryption, even for longer messages. CBC can reliably encrypt large plaintext inputs, albeit at a slower pace than some parallel encryption algorithms.

Better security. Because CBC relies on using previous ciphertext blocks to XOR and encrypt subsequent plaintext blocks, hackers and unauthorized or malicious decryptors must have all ciphertext blocks available to successfully decrypt entire CBC outputs. This almost never happens. Also, as a multistep encryption mechanism, CBC is difficult to deconstruct. These qualities increase the security of the messages encrypted with CBC.

In a way, CBC is an example of effective challenge-response authentication. A user or group that requires access to a certain set of documents must be able to present the necessary ciphertext blocks to successfully decrypt the entire message or text.

The disadvantages of cipher block chaining

CBC does have a few drawbacks.

Not tolerant of block losses. While distinct ciphertext blocks are extremely useful in terms of encryption strength, they can be a detriment in terms of decryption reliability. If one or more of the ciphertext blocks becomes lost, damaged or corrupted, a user won't be able to perform a complete decryption. While this can be a minimal inconvenience and rarely happens, it does force the need to employ secure storage systems to retain all ciphertext data and to prevent block losses.

Encryption errors can propagate through the chain. Due to the use of chaining, CBC increases the likelihood of persistent encryption errors. The very first encrypted block itself is an IV containing random data. If there happens to be an encryption error in this or any other block, the error will keep occurring throughout subsequent blocks, compromising encryption integrity.

Parallel CBC encryption is not possible. Due to the recursive nature of CBC's encryption process, each plaintext block encryption is dependent on the last. This is why it is impossible to simultaneously encrypt all plaintext inputs and achieve parallel encryption. The order is so important that any switches during encryption would result in a completely different set of ciphertext blocks.

See best practices for wireless network security, five tips for managing guest wireless network access and how the WPA3 security protocol simplifies logins and secures IoT. Learn why experts warn cryptography techniques must keep pace with threats and about the importance of security and data encryption in the cloud. Explore what quantum computers mean for cryptography.

This was last updated in December 2024

Continue Reading About What is cipher block chaining (CBC)?

Format-preserving encryption use cases, benefits, alternative

Hackers build a better timing attack to crack encryption keys

Cryptography basics: Symmetric key encryption algorithms

What is data security? The ultimate guide

Weighing double key encryption challenges, payoffs

Dig Deeper on Data security and privacy

Search Networking

The business case for AI-driven network orchestration
Organizations that are considering AI-driven network orchestration will find it has many business cases -- chief among them are ...
The purpose of route poisoning in networking
Route poisoning is an effective way of stopping routers from sending data packets across bad links and stop routing loops. This ...
Arista simplifies switching to its campus network
Arista says companies can switch to its campus network while holding on to legacy stacked switches.

Search CIO

Trump appointments show potential for U.S.-China relations
Apart from President-elect Donald Trump's promise to take a strong stance on goods imported from China, collaboration might be ...
Experts urge DOGE to prioritize tech over agency cuts
Elon Musk and Vivek Ramaswamy want to 'delete' federal agencies. However, some hope the duo will turn their focus to improving ...
Intel CEO Pat Gelsinger out; board searches for new CEO
Gelsinger's turnaround plans -- including layoffs, restructuring and foundries -- weren't enough to pull the company out of ...

Search Enterprise Desktop

Comparing Microsoft 365 Copilot vs. GitHub Copilot
There are significant differences between the various Copilots Microsoft has brought to market. Find out details about two of the...
How to choose between Windows 10 IoT and Linux
Choosing between Windows IoT and Linux for IoT device management might seem like an obvious choice, but six core factors could ...
How to create a custom Windows 11 ISO file
With a custom Windows 11 ISO file, IT departments can streamline deployment and apply new version of Windows to repair OS ...

Cloud Computing

How to prepare for long-lasting cloud outages
Cloud outages are more than a technical inconvenience -- they can threaten business continuity, customer satisfaction, security ...
How to create an EC2 instance from the AWS Console
AWS has made launching EC2 instances an easy task, but there are still many steps to the result. Learn how to successfully create...
Understanding SaaS migration benefits and best practices
Consider the four common approaches to single-tenant and multi-tenant SaaS migration and get a good grasp on tradeoffs and ...

ComputerWeekly.com

iOS vuln leaves user data dangerously exposed
Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal ...
Defending against cyber grinches: AI for enhanced security
On the Seventh Day of AI, Defending against cyber grinches: AI for enhanced security, we explore the double-edged sword of AI in ...
UK police continue to hold millions of custody images unlawfully
Annual report from the biometrics and surveillance camera commissioner of England and Wales highlights the ongoing and unlawful ...

Close