# Bock ciphers

Data is encrypted in blocks of certain amount of bytes, for instance 16 bytes. In general a block cipher that encodes with size 16 calculates ciphertexts of size multiple 16.

<img src="img/block_cipher.png" style="width:1100px"/>

## Padding a message

Most of the times the lenght of the message is not a multiple of the block size so we need to "pad" the message to have the required length. A common padding function is [PKCS7](https://en.wikipedia.org/wiki/Padding_(cryptography)). Basically what PKCS7 does is appendinng a list of bytes with the same value corresponding to the number of bytes needed to complete the block.


We will use PKCS7 it in the next example:

In [1]:
from crypto import bytes_to_bin, bytes_to_hex

message = b"Cryptography is a complex subject after all..."
bin_repr = bytes_to_bin(message, pre="")
hex_repr = bytes_to_hex(message, pre="")

print(f"message:\n\t{message}")
print(f"(bin) \n\t{bin_repr}")
print(f"(hex) \n\t{hex_repr}")

message:
	b'Cryptography is a complex subject after all...'
(bin) 
	01000011011100100111100101110000011101000110111101100111011100100110000101110000011010000111100100100000011010010111001100100000011000010010000001100011011011110110110101110000011011000110010101111000001000000111001101110101011000100110101001100101011000110111010000100000011000010110011001110100011001010111001000100000011000010110110001101100001011100010111000101110
(hex) 
	43727970746f677261706879206973206120636f6d706c6578207375626a65637420616674657220616c6c2e2e2e


In [2]:
print(f"message is {len(message)} bytes or {len(bin_repr)} bits")

message is 46 bytes or 368 bits


In [3]:
def PKCS7(m: bytes, block_size_bytes = 16):
    n_bytes = block_size_bytes - len(m)%block_size_bytes
    pad = bytes([n_bytes for _ in range(n_bytes)])
    return m + pad
    
padded_message = PKCS7(message)
print(padded_message)

b'Cryptography is a complex subject after all...\x02\x02'


In [4]:
from cryptography.hazmat.primitives import padding

block_size_bits = 128

padder = padding.PKCS7(block_size_bits).padder()
padded_mesage = padder.update(message) + padder.finalize()

print(f"message:\n\t'{message}'")
print(f"\npadded_data: \n\t{padded_mesage}\n")

print(f"bytes per block: {int(block_size_bits/8)}")
print(f"bits per block: {block_size_bits}")
print(f"message length: {len(message)}")
print(f"padded_message lenght: {len(padded_mesage)}")

message:
	'b'Cryptography is a complex subject after all...''

padded_data: 
	b'Cryptography is a complex subject after all...\x02\x02'

bytes per block: 16
bits per block: 128
message length: 46
padded_message lenght: 48


## Encrypting using AES (Advanced Encryption Algorithm)

AES is a block cipher that was established as a standard by NIST in 2001. AES is a subset of the Rijndael block cipher developed by Vincent Rijmen and Joan Daemen submitted to NIST during the [AES selection process](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard_process).


We are not going to go into the details of te exact implementation but the readers are referred to the book of [Katz and Lindell](http://www.cs.umd.edu/~jkatz/imc.html) Chapter 6 section 2. Also Mike Pound explains AES in this [video](https://www.youtube.com/watch?v=O4xNJsjtN6E&t=524s&ab_channel=Computerphile), check it out!

In [5]:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import os


secret_key = os.urandom(32)

cipher = Cipher(algorithms.AES(secret_key), modes.ECB(), backend=default_backend())

encryptor = cipher.encryptor()
decryptor = cipher.decryptor()

In [6]:
ctx = encryptor.update(padded_message) + encryptor.finalize()
print(f"Decrypted message:\n{decryptor.update(ctx) + decryptor.finalize()}")

Decrypted message:
b'Cryptography is a complex subject after all...\x02\x02'


## The mode of operation

A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block ([Wikipedia](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation)).

The first mode is "not doing anything", this is the Electronic Codebook mode. See the figure below (from Wikipedia).

<img src="img/ECB_mode.png" style="width:1100px"/>

We are lucky and in ```cryptography``` package ECB implemented in ```cryptography.hazmat.primitives.ciphers.ECB``` function (we've seen in the previous example!).

In [7]:
secret_key = os.urandom(32)

cipher = Cipher(algorithms.AES(secret_key), modes.ECB(), backend=default_backend())

encryptor = cipher.encryptor()
decryptor = cipher.decryptor()

Now we can encrypt the same message twice and see what we get in the ciphertext:

In [8]:
ctx = encryptor.update(padded_message+padded_message) + encryptor.finalize()
print(ctx[0: len(padded_message)])
print(ctx[len(padded_message):])

b'\xb8{\x9e\xc5aA.u]\xcd\xb7\xfa\x98\xff\x90\xa6q\xde\xbb\xab\xca\xeeV\x03\xa1\xa5\xb4\\\x9aH\xd5\x95O0\x9e\xed\x03\xb5?P\xe2\xa9\tZ9\x9d\x04~'
b'\xb8{\x9e\xc5aA.u]\xcd\xb7\xfa\x98\xff\x90\xa6q\xde\xbb\xab\xca\xeeV\x03\xa1\xa5\xb4\\\x9aH\xd5\x95O0\x9e\xed\x03\xb5?P\xe2\xa9\tZ9\x9d\x04~'


This is not a desirable outcome. If I want to send the same message twice, I really don't want to send the same ciphertext. What if in all comunications I start by "Dear..." and the attacker knows it?. A better mode is the Cipher block chaining (CBC):

<img src="img/CBC_mode.png" style="width:1100px"/>

In this case we take a random initialization vector and perform XOR operation with the block of plaintext, then we feed this into the encryptor, after that we obtain the ciphertext. This ciphertext is used as the initialization vector to encrypt the next block.

In [9]:
secret_key = os.urandom(32)
iv = os.urandom(16)

cipher = Cipher(algorithms.AES(secret_key), modes.CBC(iv), backend=default_backend())

encryptor = cipher.encryptor()
decryptor = cipher.decryptor()

In [10]:
ctx = encryptor.update(padded_message+padded_message) + encryptor.finalize()
print(ctx[0: len(padded_message)])
print(ctx[len(padded_message):])

b'\x90Me\x8b\xe8\x97\x8a^c\x9d=}\x81\xca-\r\xa3\x04US\x14\x8em\x0c\xcc\xc3\x85@\xcb\xff\xc4\x9aq\xeb\x8a\xfa\\\xefYb\xda\xcc5\xf8\x06\td\xd4'
b'\x8f{\xfex\x9e \xd9\xdd\x07\xeaH\xe0y\x80g&\x9d\xa3\xefBQ\xfb\xbd^\xa7\x9f\rf\xe9m\x98I=MnGjv\xb7\xec"\x1f\xb7ciQ#G'


## Size of ciphertext

In [13]:
block_size_bits = 128

for message_len in range(128):
    m = str.encode("a"*message_len)
    
    padder = padding.PKCS7(block_size_bits).padder()
    m_padded = padder.update(m) + padder.finalize()
    encryptor = cipher.encryptor()
    
    ctx = encryptor.update(m_padded) + encryptor.finalize()
    print(len(m_padded))

16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
16
32
32
32
32
32
32
32
32
32
32
32
32
32
32
32
32
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
48
64
64
64
64
64
64
64
64
64
64
64
64
64
64
64
64
80
80
80
80
80
80
80
80
80
80
80
80
80
80
80
80
96
96
96
96
96
96
96
96
96
96
96
96
96
96
96
96
112
112
112
112
112
112
112
112
112
112
112
112
112
112
112
112
128
128
128
128
128
128
128
128
128
128
128
128
128
128
128
128


## Fernet

In [12]:
from cryptography.fernet import Fernet

# secret key generation
secret_key = Fernet.generate_key()
box = Fernet(secret_key)

max_len = 100
for n in range(1, max_len):
    # generate messages of n a's
    message = "".join(["a" for _ in range(n)])
    message = str.encode(message)
    
    ciphertext = box.encrypt(message)
    print(f"len_message: {len(message)}, len_ciphertext: {len(ciphertext)}")


len_message: 1, len_ciphertext: 100
len_message: 2, len_ciphertext: 100
len_message: 3, len_ciphertext: 100
len_message: 4, len_ciphertext: 100
len_message: 5, len_ciphertext: 100
len_message: 6, len_ciphertext: 100
len_message: 7, len_ciphertext: 100
len_message: 8, len_ciphertext: 100
len_message: 9, len_ciphertext: 100
len_message: 10, len_ciphertext: 100
len_message: 11, len_ciphertext: 100
len_message: 12, len_ciphertext: 100
len_message: 13, len_ciphertext: 100
len_message: 14, len_ciphertext: 100
len_message: 15, len_ciphertext: 100
len_message: 16, len_ciphertext: 120
len_message: 17, len_ciphertext: 120
len_message: 18, len_ciphertext: 120
len_message: 19, len_ciphertext: 120
len_message: 20, len_ciphertext: 120
len_message: 21, len_ciphertext: 120
len_message: 22, len_ciphertext: 120
len_message: 23, len_ciphertext: 120
len_message: 24, len_ciphertext: 120
len_message: 25, len_ciphertext: 120
len_message: 26, len_ciphertext: 120
len_message: 27, len_ciphertext: 120
len_messag