Block ciphers are deterministic algorithms that encrypt fixed-size blocks of plaintext under a secret key, forming the workhorse of symmetric cryptography. AES (the current standard) processes 128-bit blocks using substitution-permutation networks that achieve Shannon's confusion (complex key-ciphertext relationship) and diffusion (spreading plaintext influence across the ciphertext). A block cipher is a keyed pseudorandom permutation: with a random key, it should be indistinguishable from a truly random permutation of the block space. Security relies on computational hardness, not information-theoretic impossibility.
Since Shannon proved that perfect secrecy requires impractically long keys, modern symmetric cryptography pursues the next best thing: ciphers that are computationally indistinguishable from ideal. A block cipher takes a fixed-length plaintext block (128 bits for AES) and a secret key, and produces a ciphertext block of the same length. For each key, the cipher defines a permutation (bijection) on the block space — every plaintext maps to a unique ciphertext and vice versa, enabling decryption. The security goal is that a block cipher under a random key should look like a pseudorandom permutation (PRP): no efficient algorithm should be able to distinguish it from a truly random permutation of the block space.
The two dominant design paradigms are Feistel networks and substitution-permutation networks (SPNs). DES, the former standard, uses a Feistel structure: the block is split in half, and each round applies a keyed round function to one half and XORs the result into the other. The elegant property is that the round function need not be invertible — decryption simply runs the rounds backward. AES, the current standard, uses an SPN: each round applies substitution (S-boxes that replace bytes nonlinearly), row shifting, column mixing, and key addition to the entire block. Every operation must be invertible. AES processes 128-bit blocks through 10, 12, or 14 rounds depending on the key size (128, 192, or 256 bits).
Both designs implement Shannon's principles of confusion and diffusion. Confusion makes the relationship between the key and the ciphertext as complex as possible — each ciphertext bit should depend on many key bits in a highly nonlinear way. AES achieves this through its S-box, a carefully chosen nonlinear byte substitution. Diffusion ensures that each plaintext bit influences many ciphertext bits — changing one input bit should flip roughly half the output bits (the "avalanche effect"). AES achieves this through ShiftRows and MixColumns, which spread byte-level changes across the entire block within two rounds.
It is important to distinguish the block cipher primitive from a complete encryption scheme. A raw block cipher encrypts exactly one block deterministically — the same plaintext and key always produce the same ciphertext. Encrypting a multi-block message or achieving security against chosen-plaintext attacks requires a mode of operation (CBC, CTR, GCM, etc.) that introduces randomness or state. The block cipher is the building block; the mode of operation turns it into a full encryption system. Understanding this separation is essential because a perfectly secure block cipher used in a flawed mode can be completely insecure.