A block cipher is a particular kind of cipher. For the purposes of ciphers, and other general issues see the cipher article. This article is only about issues specific to block ciphers.

A block cipher is a mathematical function, typically implemented in modern times by a computer program function, that takes two inputs and produces one output. The two inputs are called the "plaintext block" and the "key". The output is called the "ciphertext block". Typically each input and output consists of a certain number of bits, with the plaintext block and ciphertext block the same size, and the key perhaps of the same size, or perhaps different. There are certain requirements on the function. These are probably the most important:

- Knowing both the plaintext block and the key, it must be easy (for a computer) to calculate the ciphertext block.

- Knowing both the ciphertext block and the key, it must be easy (for a computer) to calculate the plaintext block.

- Knowing both the plaintext block and the ciphertext block, it must be as difficult as possible (for a team of highly paid experts with many computers) to find the key.

The notions of "easy" and "difficult" are not precise, well defined concepts in this context. Rather, they are currently pragmatic notions based on real-world practicalities.

The first well known and widely used block cipher was DES, which began to be used circa 1976. From then until the end of the twentieth century, it became customary for block ciphers to have a block size of 64 bits, and a key size of at least 56 bits, with 64 or 128 bits perhaps being most common except for DES. In the USSR, a cipher called [GOST block cipher]? was probably quite widely used, though it is little known in the West. It had a block size of 64 bits and a key of 256 bits. Circa 2000, it began to be realised that larger block sizes are strongly advised, and key sizes should be at least 128 bits. AES is an example of the new breed of ciphers to this pattern.

Many other block ciphers have been proposed publicly (and probably quite a few more are kept secret). A few are: RC5?, [Safer block cipher]? (and its successors to be discussed in that article), IDEA, Blowfish, and also the losing AES finalists: Twofish?, Serpent?, RC6?, and Mars?.

It is occasionally useful to use a block cipher to encrypt a message exactly the same size at the plaintext block. However, in most applications, it is necessary to use the block cipher as a component in a larger scheme. See [Block cipher modes of operation]? for a discussion of how this is done.

Much cryptanalysis theory and practice relevent to block ciphers has been published since about 1988. Some of the better known methods include Differential cryptanalysis, [Linear cryptanalysis]?, [Slide attack cryptanalysis]?, [Algebraic cryptanalysis]?. For a modern proposal for a block cipher to be taken seriously, there must be good reason to believe it is strongly resistent to all of these.