Block vs stream ciphers
Posted on :: cryptography systems-programming

When learning about encryption for my key-value store, I had to understand the difference between block and stream ciphers. Here's what they are.

Block ciphers

A block cipher processes data in fixed-size chunks. The algorithm encrypts one block at a time.

Example: AES

  • Block size: 128 bits (16 bytes)
  • Takes 16 bytes of plaintext → outputs 16 bytes of ciphertext
  • Repeat for each block

AES is the common one. More complex implementation, but there's hardware support (AES-NI). If you don't have hardware acceleration, it's slower and can be vulnerable to side-channel attacks if poorly implemented.

Stream ciphers

A stream cipher encrypts data bit-by-bit or byte-by-byte. It generates a keystream and XORs it with your plaintext.

Example: ChaCha20

  • No fixed block size
  • Encrypt 5 bytes? Get 5 bytes of ciphertext
  • Simpler design (just additions, XORs, rotations)
  • Fast in software without special hardware
  • Better for power consumption

The practical difference

Block cipher: If your data isn't exactly 16 bytes (or a multiple), you need padding.

Stream cipher: No padding. Whatever size you encrypt is the size you get out.

What I'm using

For my encrypted key-value store, I'm using ChaCha20 (stream cipher).

Why? Pure software implementation, simpler, faster without hardware acceleration. That's it.

Both are secure when used correctly. ChaCha20 just made more sense for a learning project where I'm not using hardware crypto.

Table of Contents