πŸ“Counter (CTR) mode of operation

tags

Β§ Cryptography

  • CTR is a block cipher mode of operation that turns a block cipher into a stream cipher.
  • Similar to OFB, it generates a keystream. Nonce + counter are used as keystream input for each block.
    • Nonce should never be reused twice as that would produce the same keystream. It is OK if nonce is predictable though (as long as it’s never reused)
    • The counter can be any predictable function that produces a sequence that does not repeat for a long time. In practice, a simple increment is the most simple and popular implementation.
    • The counter predictability allows random access when encrypting/decrypting blocks, and can be done in parallel.
  • If Nonce are random, they can be combined with the counter using any invertible operation (concatenation, addition, or XOR).
    • If Nonce is non-random, they should be combined by concatenation. Simply Xoring nonce and counter would break security under a Chosen-plaintext attack.
  • CTR requires that offset/location information is not corrupt. Otherwise, it is impossible to know the counter and decrypt a block.
  • Algorithm:
    • Encrypt Nonce+Counter (to produce keystream), Xor it with plaintext/ciphertext.
    • The algorithm is the same for encryption/decryption.
  • Susceptible to Bit-flipping attack

  • This algorithm is similar to OFB.

Backlinks