Can the encryption with CTR mode be replaced by a publicly known unkeyed permutation when doing multiple encryption and keeping the IV secret?

phantomcraft

12/2/23, 10:35 PM

A user of this forum answered in one of my questions and said that if the IV is kept secret in multiple encryption with CTR mode, the cost of breaking the scheme is $${2^{2 l_{key}}} 2 \cdot {2^{l_{iv}}}$$

Can the encryption operation in multiple-encryption with CTR mode be replaced by a non-cryptographic operation assuming the IV is kept secret?

I'm questioning this because I took a look in the Even–Mansour scheme and could see that the encryption operation can be replaced by a publicly known unkeyed permutation.

1 + 1

modes-of-operation

initialization-vector

ctr

Maarten Bodewes

12/3/23, 2:57 PM

Two remarks: Even-Mansour doesn't use an IV, so it is not secure as a normal cipher: identical plaintext blocks will end up as identical ciphertext unless the key is updated. Furthermore, the XOR with a key is basically working as a one time pad. Without a key, CTR mode is not even a cipher, as the block cipher is the only location where the key is actually used.

Score:4

Crypto

poncho

12/3/23, 8:14 PM

by a publicly known permutation...

No, that'd be a bad idea. Consider if the attacker received the two-block message:

$$M_0 \oplus \text{Perm}( IV ), M_1 \oplus \text{Perm}( IV+1 )$$

and also happened to know (or guess) $M_0$ (partial known plaintext). Then, he could recover $\text{Perm}(IV)$, and then invert the permutation to recover $IV$

Even-Mansour avoids this issue by adding an xor of secret data after the permutation...

+ 1

Daniel S

12/3/23, 8:34 PM

True in the cases likely under consideration, but there are examples of permutations that are not easy to invert. e.g. RSA permutes residues mod $N$ and modular exponentiation mod $p$ permutes 1,…, $p-1$

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can the encryption with CTR mode be replaced by a publicly known unkeyed permutation when doing multiple encryption and keeping the IV secret?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.