πCounter (CTR) mode of operation
- tags
CTR is a block cipher mode of operation that turns a block cipher into a stream cipher.
Similar to OFB, it generates a keystream. Nonce + counter are used as keystream input for each block.
Nonce should never be reused twice as that would produce the same keystream. It is OK if nonce is predictable though (as long as itβs never reused)
The counter can be any predictable function that produces a sequence that does not repeat for a long time. In practice, a simple increment is the most simple and popular implementation.
The counter predictability allows random access when encrypting/decrypting blocks, and can be done in parallel.
If Nonce are random, they can be combined with the counter using any invertible operation (concatenation, addition, or XOR).
If Nonce is non-random, they should be combined by concatenation. Simply Xoring nonce and counter would break security under a Chosen-plaintext attack.
CTR requires that offset/location information is not corrupt. Otherwise, it is impossible to know the counter and decrypt a block.
Algorithm:
Encrypt Nonce+Counter (to produce keystream), Xor it with plaintext/ciphertext.
The algorithm is the same for encryption/decryption.
Susceptible to Bit-flipping attack
This algorithm is similar to OFB.