Encryption is used in communication networks to obscure information so that a network node or an eavesdropper is not easily able to determine the information without secret information called a key. A cipher is an algorithm for performing encryption. A block cipher, such as the Advanced Encryption Standard (AES), is a symmetric key is cipher that encrypts a fixed-length block of data called a “plaintext block” using an encryption key to generate an encrypted “ciphertext block.” The ciphertext block can be decrypted using the encryption key to recover the plaintext block.
When a data stream to be encrypted is longer than the block size, the block cipher uses a “mode of operation” to encrypt the data stream. In one mode of operation, called the electronic codebook (ECB) mode, the stream is divided into blocks, and each plaintext block is individually encrypted using the encryption key. In ECB mode, since identical plaintext blocks in different parts of the stream map to the same ciphertext block, some patterns in the original data stream may not be obscured.
In another mode of operation, called the cipher-block chaining (CBC) mode, the stream is divided into blocks, and each plaintext block is processed based on a previous ciphertext block (using an XOR operation) before being encrypted. In CBC mode, each ciphertext block is dependent all previous ciphertext blocks, which helps to obscure patterns in the original data stream.
The first ciphertext block is processed based on an “initialization vector” since it has no previous ciphertext blocks. The initialization vector used in a CBC mode block cipher, or in other types of ciphers, also provides a form of randomization. Using a different initialization vector for different data streams, makes it more difficult to obtain information about the original data stream or the encryption key from the encrypted stream. The initialization vector is used (along with the encryption key) to decrypt the corresponding encrypted stream, and (unlike the encryption key) can be transmitted over a network along with the corresponding encrypted stream without compromising security.