Editing Block cipher (section)

==History==
The modern design of block ciphers is based on the concept of an iterated [[product cipher]]. In his seminal 1949 publication, ''[[Communication Theory of Secrecy Systems]]'', [[Claude Shannon]] analyzed product ciphers and suggested them as a means of effectively improving security by combining simple operations such as [[substitution cipher|substitution]]s and [[transposition cipher|permutation]]s.<ref name="shannon">{{cite journal|last1= Shannon|first1= Claude|title= Communication Theory of Secrecy Systems|journal= [[Bell System Technical Journal]]|volume= 28|issue= 4|pages= 656–715|year= 1949|doi= 10.1002/j.1538-7305.1949.tb00928.x|url= http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf|access-date= 2012-04-09|archive-date= 2007-06-05|archive-url= https://web.archive.org/web/20070605092733/http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf|url-status= dead}}</ref> Iterated product ciphers carry out encryption in multiple [[Round (cryptography)|rounds]], each of which uses a different subkey derived from the original key. One widespread implementation of such ciphers named a [[Feistel network]] after [[Horst Feistel]] is notably implemented in the [[Data Encryption Standard|DES]] cipher.<ref name="tilborg">{{cite book|editor1-last= van Tilborg|editor1-first= Henk C. A.|editor2-last= Jajodia|editor2-first= Sushil|title= Encyclopedia of Cryptography and Security|publisher= Springer|year= 2011|isbn= 978-1-4419-5905-8|url= https://books.google.com/books?id=UuNKmgv70lMC&pg=PA455}}, p.&nbsp;455.</ref> Many other realizations of block ciphers, such as the [[Advanced Encryption Standard|AES]], are classified as [[substitution–permutation network]]s.{{sfn|van Tilborg|Jajodia|2011|p=1268}}

The root of all [[cryptographic]] block formats used within the [[Payment Card Industry Data Security Standard]] (PCI DSS) and [[American National Standards Institute]] (ANSI) standards lies with the [[Atalla Key Block]] (AKB), which was a key innovation of the [[Atalla Box]], the first [[hardware security module]] (HSM). It was developed in 1972 by [[Mohamed M. Atalla]], founder of [[Atalla Corporation]] (now [[Utimaco Atalla]]), and released in 1973. The AKB was a key block, which is required to securely interchange [[Symmetric-key algorithm|symmetric keys]] or [[Personal identification number|PINs]] with other actors in the [[banking industry]]. This secure interchange is performed using the AKB format.<ref>{{cite web |last1=Rupp |first1=Martin |title=The Benefits of the Atalla Key Block |url=https://content.hsm.utimaco.com/blog/the-benefits-of-atalla-key-block |website=[[Utimaco]] |date=16 August 2019 |access-date=10 September 2019 |archive-date=17 October 2020 |archive-url=https://web.archive.org/web/20201017215047/https://content.hsm.utimaco.com/blog/the-benefits-of-atalla-key-block |url-status=dead }}</ref> The Atalla Box protected over 90% of all [[Automated teller machine|ATM]] networks in operation as of 1998,<ref>{{cite web |last1=Hamscher |first1=Walter |year=1998 |title=Electronic Business without Fear: The Tristrata Security Architecture |url=http://www.standardadvantage.com/docs/fear.pdf |archive-url=https://web.archive.org/web/20050529185702/http://www.standardadvantage.com/docs/fear.pdf |archive-date=29 May 2005 |citeseerx=10.1.1.123.2371 }}{{self-published inline|date=January 2022}}</ref> and Atalla products still secure the majority of the world's ATM transactions as of 2014.<ref name="Stiennon">{{cite web |last1=Stiennon |first1=Richard |title=Key Management a Fast Growing Space |url=https://securitycurrent.com/key-management-a-fast-growing-space/ |website=SecurityCurrent |publisher=IT-Harvest |access-date=21 August 2019 |date=17 June 2014}}</ref>

The publication of the DES cipher by the United States National Bureau of Standards (subsequently the U.S. [[National Institute of Standards and Technology]], NIST) in 1977 was fundamental in the public understanding of modern block cipher design. It also influenced the academic development of [[cryptanalysis|cryptanalytic attack]]s. Both [[differential cryptanalysis|differential]] and [[linear cryptanalysis]] arose out of studies on DES design. {{As of | 2016}}, there is a palette of attack techniques against which a block cipher must be secure, in addition to being robust against [[brute-force attack]]s.