Cryptographic Modes of Operation

Block ciphers are cryptographic algorithms that encrypt fixed-size blocks of data

A cryptographic mode of operation for a block cipher describes the different ways that cryptographic algorithm may transform data to achieve sufficient complexity that offer protection against attacks.

This post features cryptographic modes of operation for block cipher.

List of Cryptographic Modes of Operation

Cryptographic modes of operation featured on this post:

  • Electronic Code Book (ECB)
  • Cipher Block Chaining (CBC)
  • Cipher Feedback (CFB)
  • Output Feedback (OFB)
  • Counter (CTR)
  • Galois/Counter (GCM)
  • Counter with Cipher Block Chaining Message Authentication Code (CCM)


Electronic Code Book (ECB): In ECB mode, each block of plaintext is encrypted independently with the same key, which can lead to security vulnerabilities if identical plaintext blocks are present in the input, as they’ll produce identical ciphertext blocks.


Cipher Block Chaining (CBC): In CBC mode, each plaintext block is XORed with the previous ciphertext block before encryption, adding an element of diffusion to the encryption process. Additionally, an initialization vector (IV) is used to initialize the first block’s encryption.


Cipher Feedback (CFB): CFB mode allows block ciphers to be used to encrypt plaintext of any length, not just blocks. It operates by encrypting an IV, then XORing the result with the plaintext to produce the ciphertext. This ciphertext is then encrypted to produce the next XOR input.


Output Feedback (OFB): OFB mode is similar to CFB but instead of encrypting plaintext to produce the XOR input, it encrypts the IV to produce a key stream, which is then XORed with the plaintext to produce the ciphertext.


Counter (CTR): CTR mode turns a block cipher into a stream cipher. It generates a key stream by encrypting successive values of a counter and XORs this key stream with the plaintext to produce the ciphertext.


Galois/Counter (GCM): GCM mode provides both confidentiality and authentication. It combines the counter mode of operation with the Galois/Counter Mode (GCM) authenticated encryption algorithm.


Counter with Cipher Block Chaining Message Authentication Code (CCM): CCM mode combines counter mode for encryption with CBC-MAC for authentication. It’s often used in constrained environments like IoT devices due to its efficiency.

You might also be interested in…

External Resources

  •  “CISSP Official Study Guide Ninth Edition”, Mike Chaple, James Michael Stewart, Darril Gibson; Sybex; 2021; Chapters 6 “Cryptography and Symmetric Key Algorithms”, pp. 245-246

Leave a Reply

Your email address will not be published. Required fields are marked *