What is the difference between a block cipher algorithm and a block cipher mode of operation?
The block cipher algorithm (e.g., AES) defines how to encrypt a single block; the mode of operation defines how to encrypt messages longer than one block.
Keeping the two layers separate is what lets you reason about security in pieces: AES can be a trusted, well-studied building block, while the mode is chosen for the data's shape — whether you need random access, streaming, parallel encryption, or authentication. A perfect block cipher used in a bad mode (like ECB) is still insecure, which is the whole reason modes matter.
The problem: AES encrypts exactly 128 bits. Real messages are usually longer. How do you handle a 1MB file?
The solution: Modes of operation — they define the "strategy" for applying the block cipher repeatedly:
- How blocks are chained together
- Whether/how an IV (Initialization Vector) is used
- Whether encryption is parallelizable
Common modes:
- ECB — Electronic Codebook (simple but insecure)
- CBC — Cipher Block Chaining (widely used)
- OFB — Output Feedback (turns block cipher into stream cipher)
- CTR — Counter mode (parallelizable stream cipher)
Analogy: The block cipher is the engine; the mode of operation is the transmission system that determines how the engine's power is applied.
Go deeper:
Block cipher mode of operation (Wikipedia) — the catalogue of modes and what each one is for.