What is a Block Cipher

A block cipher is a symmetric encryption algorithm that encrypts data in fixed-size chunks called blocks. The most widely used block cipher, AES, works on 128-bit (16-byte) blocks. Every block of plaintext is transformed into a block of ciphertext of the same size, using a secret key.

How it works

A block cipher takes two inputs — a plaintext block and a key — and produces one output: a ciphertext block. The same key and plaintext always produce the same ciphertext. Decryption reverses the process using the same key.

The problem is that real data rarely fits into a single block. A 1 MB file contains over 65,000 blocks at 128 bits each. Modes of operation define how multiple blocks are chained together:

• ECB (Electronic Codebook) — encrypts each block independently. Identical plaintext blocks produce identical ciphertext blocks, which leaks patterns. Never use ECB for real data.
• CBC (Cipher Block Chaining) — XORs each plaintext block with the previous ciphertext block before encrypting. This hides patterns but is sequential and requires padding.
• CTR (Counter Mode) — turns the block cipher into a stream cipher by encrypting a counter value and XORing the result with plaintext. Parallelizable and no padding needed.
• GCM (Galois/Counter Mode) — combines CTR mode with a polynomial hash for authentication. This is the standard for TLS and the most common mode in production.

When the last block is shorter than the block size, padding is added. PKCS#7 padding fills the remaining bytes with the number of padding bytes needed.

Why it matters

Block ciphers are the core building block of symmetric encryption. Understanding how they work — especially the difference between modes — explains why AES-GCM is used in TLS and why ECB mode produces the infamous "ECB penguin" image. The mode matters as much as the cipher itself.

See How Symmetric Encryption Works for the full explanation.