πŸ“Counter (CTR) mode of operation

tags

Β§ Cryptography

  • CTR is a block cipher mode of operation that turns a block cipher into a stream cipher.

  • Similar to OFB, it generates a keystream. Nonce + counter are used as keystream input for each block.

    • Nonce should never be reused twice as that would produce the same keystream. It is OK if nonce is predictable though (as long as it’s never reused)

    • The counter can be any predictable function that produces a sequence that does not repeat for a long time. In practice, a simple increment is the most simple and popular implementation.

    • The counter predictability allows random access when encrypting/decrypting blocks, and can be done in parallel.

  • If Nonce are random, they can be combined with the counter using any invertible operation (concatenation, addition, or XOR).

    • If Nonce is non-random, they should be combined by concatenation. Simply Xoring nonce and counter would break security under a Chosen-plaintext attack.

  • CTR requires that offset/location information is not corrupt. Otherwise, it is impossible to know the counter and decrypt a block.

  • Algorithm:

    • Encrypt Nonce+Counter (to produce keystream), Xor it with plaintext/ciphertext.

    • The algorithm is the same for encryption/decryption.

  • Susceptible to Bit-flipping attack

  • This algorithm is similar to OFB.

Backlinks