{
    "slug": "block_cipher_modes",
    "term": "Block Cipher Modes",
    "category": "cryptography",
    "difficulty": "advanced",
    "short": "How a block cipher (AES) processes data larger than one block — ECB is insecure, CBC requires a MAC, GCM provides authenticated encryption and is the correct choice.",
    "long": "Block ciphers encrypt fixed-size blocks. Modes define how blocks relate: ECB (each block encrypted independently — identical plaintext blocks produce identical ciphertext, leaking patterns), CBC (each block XORed with previous ciphertext — requires padding and a separate MAC for integrity), CTR (turns block cipher into stream cipher — no padding, but no authentication), GCM (CTR mode + GHASH authentication — authenticated encryption, no separate MAC needed, parallelisable). AES-256-GCM is the correct choice for new implementations. Nonces/IVs must be unique per encryption.",
    "aliases": [
        "ECB",
        "CBC",
        "GCM",
        "CTR",
        "AEAD",
        "cipher mode"
    ],
    "tags": [
        "cryptography",
        "security",
        "encryption"
    ],
    "misconception": "AES is AES regardless of mode — AES-ECB is trivially broken for any structured data; the mode determines security properties as much as the key length.",
    "why_it_matters": "AES-ECB encrypted images still show the original image's patterns (the infamous penguin attack) — choosing the wrong mode nullifies the protection of a strong cipher.",
    "common_mistakes": [
        "AES-ECB for any structured data — identical 16-byte blocks produce identical ciphertext, leaking structure.",
        "CBC without MAC (encrypt-then-MAC) — CBC is malleable; an attacker can modify ciphertext without detection.",
        "Reusing an IV with the same key in GCM — catastrophic; two ciphertexts XOR to reveal both plaintexts.",
        "Not authenticating the associated data in GCM — headers/metadata can be tampered without invalidating the tag."
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "symmetric_encryption",
        "encryption_at_rest",
        "openssl_encrypt",
        "weak_cryptography"
    ],
    "prerequisites": [
        "asymmetric_encryption",
        "encryption_at_rest",
        "entropy"
    ],
    "refs": [
        "https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation"
    ],
    "bad_code": "// AES-ECB — insecure:\n$encrypted = openssl_encrypt($data, 'AES-256-ECB', $key);\n// Identical 16-byte blocks encrypt identically\n// 'aaaaaaaaaaaaaaaa' encrypts to the same ciphertext every time\n\n// CBC without authentication:\n$iv = random_bytes(16);\n$encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);\n// No MAC — ciphertext can be silently tampered",
    "good_code": "// AES-256-GCM — authenticated encryption:\n$iv  = random_bytes(12); // 96-bit nonce for GCM\n$tag = '';\n$ciphertext = openssl_encrypt(\n    $data, 'AES-256-GCM', $key, OPENSSL_RAW_DATA, $iv, $tag,\n    $additionalData // Authenticated but not encrypted (e.g. sender ID)\n);\n$stored = base64_encode($iv . $tag . $ciphertext);\n\n// Decryption verifies tag automatically — tampered data rejected",
    "quick_fix": "Use AES-256-GCM — it provides authenticated encryption (confidentiality + integrity) in one operation; never use ECB mode (no IV, patterns visible) or CBC without HMAC",
    "severity": "high",
    "effort": "medium",
    "created": "2026-03-16",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/block_cipher_modes",
        "html_url": "https://codeclaritylab.com/glossary/block_cipher_modes",
        "json_url": "https://codeclaritylab.com/glossary/block_cipher_modes.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[Block Cipher Modes](https://codeclaritylab.com/glossary/block_cipher_modes) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/block_cipher_modes"
            }
        }
    }
}