A block cipher encrypts data in fixed-size blocks (for example, 128-bit blocks in AES), which gives strong, well-studied security. A stream cipher encrypts data one bit or byte at a time by XORing it with a keystream, which makes it fast and light. In short, block ciphers favour security and bulk data, while stream ciphers favour speed and real-time streams.
Block and stream ciphers are the two families of symmetric encryption, where the same key encrypts and decrypts. Both appear in cryptography and network-security courses, so students need to know how each one processes data and where each fits.
The core split is the unit of work: a block cipher takes a whole block at once, whereas a stream cipher works bit by bit. This guide defines each, compares them in detail, shows code, and lists common algorithms and uses.
Both are symmetric, so it also helps to know the difference between symmetric and asymmetric keys.

What is a Block Cipher?
A block cipher splits data into fixed-length blocks and encrypts each block with the same key. The best-known example is the Advanced Encryption Standard (AES), which uses 128-bit blocks. Because it processes whole blocks through many rounds, a block cipher gives strong, well-studied security.
To encrypt data longer than one block, a block cipher uses a mode of operation, such as ECB, CBC, CTR, or GCM. So the mode decides how blocks chain together and whether padding is needed.
Advantages:
- Strong confidentiality and integrity, especially with modern modes.
- Well studied and resistant to many known attacks.
- Efficient for bulk data, and blocks can be processed in parallel.
Disadvantages:
- Often needs padding when data does not fill a whole block.
- An error or change can propagate across a block.
- Can be slower than a stream cipher for tiny, real-time messages.
What is a Stream Cipher?
A stream cipher encrypts data one bit or byte at a time. It generates a pseudorandom keystream from the key, then XORs that keystream with the plaintext. Because XOR is its own inverse, decryption simply XORs the same keystream back.
RC4 was once the popular example, but it is now considered broken. So modern systems prefer stronger stream ciphers such as ChaCha20. As a result, stream ciphers stay fast and light, which suits real-time data.
Advantages:
- Very fast encryption and decryption, with low latency.
- No padding, since it works bit by bit.
- Well suited to real-time and streaming communication.
Disadvantages:
- Reusing a keystream is catastrophic, so each message needs a fresh nonce.
- Weak designs like RC4 have serious flaws.
- It provides no integrity on its own, so it needs a separate MAC.
Block Cipher vs Stream Cipher: Comparison Table

| Aspect | Block Cipher | Stream Cipher |
|---|---|---|
| Encryption unit | Fixed-size blocks | One bit or byte at a time |
| How it works | Encrypts each block with a mode of operation | XORs data with a keystream |
| Padding | Often required | Not required |
| Speed | Slower for tiny, real-time data | Faster, low latency |
| Memory | Higher (buffers a block) | Lower (streams in real time) |
| Error propagation | Can spread across a block | Confined to the affected bit/byte |
| Initialization vector | Needs an IV in most modes | Needs a unique nonce per message |
| Parallelism | Blocks can be processed in parallel | Often suited to hardware/streaming |
| Integrity | Authenticated modes (GCM) add it | None alone; needs a separate MAC |
| Security maturity | Very well studied (AES) | Strong if modern (ChaCha20), weak if RC4 |
| Examples | AES, DES, 3DES, Blowfish | ChaCha20, Salsa20, RC4 (legacy) |
| Modes / nonce | ECB, CBC, CTR, GCM | Key + nonce keystream |
| Best for | Disk encryption, TLS, databases | Real-time, wireless, voice/video |
Code Examples

First, here is a minimal block cipher in Python using AES. Note that ECB mode is shown only for simplicity, so in real code you should use CBC or GCM instead.
# Block cipher with AES (ECB shown for simplicity; prefer CBC/GCM in practice)
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
key = get_random_bytes(16) # 128-bit key
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = cipher.encrypt(b"SixteenByteBlock") # must be a 16-byte block
plaintext = AES.new(key, AES.MODE_ECB).decrypt(ciphertext)
print(plaintext)Next, here is the stream cipher idea: XOR the plaintext with a keystream, then XOR the same keystream back to decrypt. In real code the keystream comes from the key through a cipher like ChaCha20.
# Stream cipher idea: XOR with a keystream (reuse the SAME keystream to decrypt)
from os import urandom
plaintext = b"This is a secret message"
keystream = urandom(len(plaintext)) # in practice, derived from the key + nonce
ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
decrypted = bytes(c ^ k for c, k in zip(ciphertext, keystream)) # same keystream
print(decrypted) # b"This is a secret message"So the block example encrypts a whole block at once, while the stream example walks byte by byte. Because XOR is reversible, the stream cipher only works when both sides use the identical keystream.
When to Use a Block or Stream Cipher
Choose a block cipher when security and bulk data matter most. For example, disk encryption, TLS, and database encryption use AES, often in an authenticated mode like GCM that also protects integrity.
Choose a stream cipher when speed and low latency matter most. For instance, real-time voice, video, and wireless links favour a fast cipher like ChaCha20, especially on devices without AES hardware.
In practice, the line blurs, because a block cipher in CTR mode behaves like a stream cipher. So modern protocols often pick AES-GCM or ChaCha20-Poly1305, which combine speed with built-in integrity.
Frequently Asked Questions
Wrapping Up
Block and stream ciphers are both symmetric, yet they process data differently. A block cipher encrypts fixed-size blocks for strong, bulk security, while a stream cipher XORs a keystream bit by bit for speed.
So match the cipher to the job: a block cipher like AES for disk and TLS, and a stream cipher like ChaCha20 for fast, real-time data. Because modern modes such as AES-GCM and ChaCha20-Poly1305 add integrity, they are the safe default for new systems.
Related reading on DiffStudy: