DEV Community

Cover image for Understanding CBC Mode: How Block Cipher Chaining Actually Works
Arashad Dodhiya
Arashad Dodhiya

Posted on

Understanding CBC Mode: How Block Cipher Chaining Actually Works

#cryptography #cybersecurity #webdev #encryption

The missing piece most developers never learn about AES encryption.

Encryption Is More Than Just AES

Ask a developer what encryption algorithm their application uses, and you'll often hear:

"We use AES-256."

That's good—but incomplete.

Here's the thing: AES alone doesn't tell the whole story.

AES is only the encryption algorithm. To encrypt data larger than a single block, AES needs a mode of operation. One of the most widely used modes in the past was CBC (Cipher Block Chaining).

Understanding CBC is important not only for developers but also for security engineers, because many cryptographic attacks—such as CBC bit flipping and padding oracle attacks—stem from how CBC works.

By the end of this article, you'll understand:

  • What symmetric encryption is
  • What AES actually does
  • Why modes of operation exist
  • How CBC encryption and decryption work
  • The role of the Initialization Vector (IV)
  • Why CBC has limitations

Let's begin from the ground up.

What Is Symmetric Encryption?

Symmetric encryption uses the same secret key for both encryption and decryption.

Think of it like a house key:

  • You lock the door with one key.
  • You unlock it with the same key.

Encryption works similarly.

Plaintext + Secret Key → Ciphertext
Ciphertext + Same Key → Plaintext
Enter fullscreen mode Exit fullscreen mode

Examples of symmetric encryption algorithms:

  • AES
  • DES
  • Blowfish

The challenge isn't just keeping the key secret.

It's also encrypting data securely.

What Is AES?

AES stands for Advanced Encryption Standard and is one of the most widely used encryption standards in the world. It uses the same secret key for encryption and decryption and supports key sizes of 128, 192, and 256 bits.

You'll encounter AES in:

  • HTTPS
  • VPNs
  • Disk encryption
  • Password managers
  • Secure messaging apps

But AES has an important limitation.

It encrypts fixed-size blocks.

For AES, that block size is always:

128 bits (16 bytes).

And this leads us to the next concept.

What Is a Block Cipher?

A block cipher encrypts data in fixed-size chunks called blocks.

Imagine the message:

HELLO WORLD THIS IS A SECRET MESSAGE
Enter fullscreen mode Exit fullscreen mode

AES doesn't encrypt the whole message at once.

Instead, it splits it into blocks:

Block 1
Block 2
Block 3
...
Enter fullscreen mode Exit fullscreen mode

Each block is encrypted separately.

Sounds simple.

But there's a problem.

Why Do We Need Modes of Operation?

Suppose two blocks contain identical data:

Block A = ADMIN
Block B = ADMIN
Enter fullscreen mode Exit fullscreen mode

If we encrypt them independently using the same key, the ciphertext may also be identical.

An attacker could start spotting patterns.

And patterns are dangerous in cryptography.

To solve this problem, cryptographers created modes of operation.

Modes define how blocks interact with each other during encryption.

Common modes include:

  • ECB
  • CBC
  • CTR
  • GCM

Today we're focusing on CBC.

ECB vs CBC: Why CBC Was Introduced

ECB (Electronic Codebook)

ECB encrypts every block independently:

P1 → Encrypt → C1
P2 → Encrypt → C2
P3 → Encrypt → C3
Enter fullscreen mode Exit fullscreen mode

The problem?

Identical plaintext blocks produce identical ciphertext blocks. This leaks patterns in the data.

CBC (Cipher Block Chaining)

CBC fixes this by linking blocks together.

Each plaintext block is combined with the previous ciphertext block before encryption.

As a result:

Every block depends on all previous blocks.

This greatly reduces pattern leakage.

What Is an Initialization Vector (IV)?

There's one problem.

The first block has no previous ciphertext block.

So what should CBC use?

The answer is the Initialization Vector (IV).

An IV is a random value used only for the first block. It ensures that encrypting the same plaintext twice with the same key produces different ciphertext.

Important facts:

✅ IV does not have to be secret

✅ IV should be unique and unpredictable

❌ Reusing IVs can weaken security

Think of the IV as a random starting point.

Real-World Analogy: Passing Secret Notes

Imagine a chain of people passing secret notes.

Each person doesn't just encrypt their message.

They also mix it with the previous person's encrypted message.

If one note changes, every note afterward changes too.

That's exactly how CBC works.

Hence the name:

Cipher Block Chaining.

How CBC Encryption Works

CBC encryption follows this formula:

C₁ = Encrypt(P₁ XOR IV)

C₂ = Encrypt(P₂ XOR C₁)

C₃ = Encrypt(P₃ XOR C₂)
Enter fullscreen mode Exit fullscreen mode

Where:

  • P = Plaintext
  • C = Ciphertext
  • IV = Initialization Vector

Each block depends on the previous ciphertext block.

Encryption Flow 

Plaintext Block 1
        ↓
XOR with IV
        ↓
AES Encrypt
        ↓
Ciphertext Block 1
        ↓
XOR with Plaintext Block 2
        ↓
AES Encrypt
        ↓
Ciphertext Block 2
Enter fullscreen mode Exit fullscreen mode

A small change in one block affects all following ciphertext blocks.

This property is called chaining.

How CBC Decryption Works

Decryption reverses the process.

Formula:

P₁ = Decrypt(C₁) XOR IV

P₂ = Decrypt(C₂) XOR C₁

P₃ = Decrypt(C₃) XOR C₂
Enter fullscreen mode Exit fullscreen mode

Notice something interesting?

The previous ciphertext block is required for decryption.

This design decision later enabled attacks such as:

  • CBC Bit Flipping
  • Padding Oracle Attacks

We'll cover those in future articles.

Why XOR Matters

XOR (Exclusive OR) is one of the most important operations in cryptography.

A special property of XOR:

A XOR B XOR B = A
Enter fullscreen mode Exit fullscreen mode

This allows data to be mixed and later recovered during decryption.

Without XOR, CBC would not work.

Advantages of CBC Mode

CBC improved upon ECB in several ways:

✅ Hides repeating patterns

✅ Makes ciphertext less predictable

✅ Widely supported historically

✅ Strong confidentiality when implemented correctly

For many years, CBC was the standard choice in protocols and applications.

Limitations of CBC Mode

CBC isn't perfect.

Some limitations include:

❌ Requires padding

❌ Encryption cannot be parallelized efficiently

❌ Incorrect IV handling weakens security

❌ Provides confidentiality but not integrity

This last point is critical.

Encryption alone does not guarantee that ciphertext hasn't been modified.

That's why modern applications often use authenticated encryption modes such as AES-GCM, which provide both confidentiality and integrity.

Why CBC Still Matters Today

Even though modern systems increasingly prefer AES-GCM, CBC still appears in:

  • Legacy applications
  • Older TLS implementations
  • Custom encryption schemes
  • Historical vulnerability research

If you're a developer, understanding CBC helps you build safer systems.

If you're a security researcher, understanding CBC helps you recognize cryptographic weaknesses.

Because in security, understanding the design is often more important than memorizing the attack.

What's Next?

Now that you understand how CBC works, the next question becomes:

What happens if an attacker modifies the ciphertext?

That question leads directly to one of the most fascinating cryptographic attacks:

CBC Bit Flipping.

And that's exactly what we'll explore next.

Top comments (0)