πCounter (CTR) mode of operation
- tags
- CTR is a block cipher mode of operation that turns a block cipher into a stream cipher.
- Similar to OFB, it generates a keystream. Nonce + counter are used as keystream input for each block.
- Nonce should never be reused twice as that would produce the same keystream. It is OK if nonce is predictable though (as long as itβs never reused)
- The counter can be any predictable function that produces a sequence that does not repeat for a long time. In practice, a simple increment is the most simple and popular implementation.
- The counter predictability allows random access when encrypting/decrypting blocks, and can be done in parallel.
- If Nonce are random, they can be combined with the counter using any invertible operation (concatenation, addition, or XOR).
- If Nonce is non-random, they should be combined by concatenation. Simply Xoring nonce and counter would break security under a Chosen-plaintext attack.
- CTR requires that offset/location information is not corrupt. Otherwise, it is impossible to know the counter and decrypt a block.
- Algorithm:
- Encrypt Nonce+Counter (to produce keystream), Xor it with plaintext/ciphertext.
- The algorithm is the same for encryption/decryption.
- Susceptible to Bit-flipping attack
- This algorithm is similar to OFB.