Score:0

Does random IVs in CTR block cipher mode combined with XOR allow to encrypt number of blocks up to the same numeric count of IV?

pf flag

I read about CTR block cipher mode in Wikipedia: "If the IV/nonce is random, then they can be combined with the counter using any invertible operation (concatenation, addition, or XOR) to produce the actual unique counter block for encryption."

Let's suppose I want to make a enciphering scheme with CTR and AES in which I XOR the counter value with the full IV.

Does it have advantage over combining a Nonce+Counter?

If the block size is 128-bits, does XORing a 128-bit counter onto a random IV allow to encrypt up to 2^128 blocks?

kelalaka avatar
in flag
The small problem of x-or is the additional x-or operation per block. Once nonce||counter is set, there is no operation other than the increment. Though the counter in the normal mode limits the number of blocks to encrypt under the same (key,nonce) this is most necessary since AES is a PRP that has a long message distinguished from PRF. Xoring on the other hand has no limit is set explicitly due to the boundaries. In short, there is not much difference.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.