In the previous chapter, two standard block ciphers, namely TDEA and AES, have been presented. A block cipher takes a fixed-size plaintext block and returns a ciphertext block of the same size. However, in many applications, a plaintext (for example an image) is composed of thousands of blocks or even more. It is not desirable to use a block cipher in such a way that the encryption of the individual plaintext blocks leaks some features about the whole plaintext. In addition, in many applications, the recipient of a message may need to authenticate the message sender.

Data protection refers to confidentiality of data in transit (i.e. data exchanged via a communication network) and data on storage devices (such as CD-ROMs and USB flash drives). Like messages that may be intercepted, while being transmitted form sender to recipient, storage devices may be stolen or copied, which would result in disclosing confidential data. In addition, the advent of storage area networks has made storage devices, which are directly connected to servers, vulnerable to attacks. Therefore, protecting storage devices is (often) required. Such a protection is commonly achieved using block ciphers. Overall, encryption of data on storage devices aims at providing: data confidentiality, fast data storage and retrieval, and optimization of storage space.

It should be noticed that the protection of data in transit (i.e. messages) and that of data on ...