[Cryptography] updating a counter

Krisztián Pintér pinterkr at gmail.com
Mon May 19 14:14:29 EDT 2014


Sandy Harris (at Monday, May 19, 2014, 3:58:44 PM):

> With a straight counter only a few bits change on most iterations and
> the high bits almost never, even if the counter is initialised
> randomly. If you start from zero, reset the counter when rekeying, and
> rekey at some sensible interval like 2^32 iterations, 96 bits of a
> 128-bit counter or 224 bits of a 256-bit one will never change. This
> may not break things, but it cannot be a good idea to use a series of
> values with small Hamming differences and many known bits.

Here is the counter-logic to that. You already have a PRF with the
exact same block size as your block cipher: the block cipher itself.

So you could, if you are adamant on using a less predictable counter,
just use some additional rounds in the block cipher. You can call the
first few cycles the "diffusion rounds", and the rest of the rounds
the "cipher rounds".

However: what is the design rationale behind the number of rounds in a
cipher? It is exactly to mask *any* correlation between the input and
the output. Ciphers are designed to support straight-up counter mode.
In other words, your cipher already contains the "diffusion rounds".
You don't need to do a thing.
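The point both posts are arguing about can be measured directly. The block below is an added example for this thread, not code from either poster: a compact pure-Python AES-128 (educational, not constant-time; checked against the FIPS-197 test vectors) is used to encrypt a run of straight counter blocks, in the assumed layout 64-bit nonce || 64-bit big-endian counter starting at zero. It then compares the Hamming distance between consecutive counter inputs with the distance between the keystream blocks they produce, and counts how many of the 128 bit positions ever change on each side. The names `counter_block`, `ctr_diffusion` and `bits_that_vary` are this example's own.

```python
"""Straight-counter CTR inputs vs. their AES-128 outputs: how much does the
cipher's own round structure diffuse a counter that barely changes?
Added example for the thread above; not code by either poster."""
from typing import Dict, List


def gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _make_sbox() -> List[int]:
    """AES S-box: multiplicative inverse (0 -> 0) followed by the affine map."""
    def rotl8(v: int, n: int) -> int:
        return ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for a in range(256):
        inv = 1
        for _ in range(254):  # a^254 == a^-1 in GF(2^8); yields 0 for a == 0
            inv = gmul(inv, a)
        sbox.append(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3)
                    ^ rotl8(inv, 4) ^ 0x63)
    return sbox


SBOX = _make_sbox()


def expand_key(key: bytes) -> List[List[int]]:
    """AES-128 key schedule: 11 round keys of 16 bytes, column-major."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord then SubWord
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 16-byte block. State index = 4*column + row."""
    rks = expand_key(key)
    s = [b ^ k for b, k in zip(block, rks[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                          # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                     # MixColumns
            m = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                m += [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
                      a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
                      a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
                      gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]
            s = m
        s = [b ^ k for b, k in zip(s, rks[rnd])]                          # AddRoundKey
    return bytes(s)


def counter_block(nonce: bytes, i: int) -> bytes:
    """Assumed CTR input layout: 64-bit nonce || 64-bit big-endian counter from 0."""
    return nonce + i.to_bytes(8, "big")


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def bits_that_vary(blocks: List[bytes]) -> int:
    """How many of the 128 bit positions take both the value 0 and 1 in the list."""
    seen_one, seen_zero = [False] * 128, [False] * 128
    for blk in blocks:
        v = int.from_bytes(blk, "big")
        for pos in range(128):
            if (v >> pos) & 1:
                seen_one[pos] = True
            else:
                seen_zero[pos] = True
    return sum(1 for p in range(128) if seen_one[p] and seen_zero[p])


def ctr_diffusion(key: bytes, nonce: bytes, n: int) -> Dict[str, float]:
    """Consecutive straight-counter inputs vs. the keystream blocks they produce."""
    inputs = [counter_block(nonce, i) for i in range(n)]
    outputs = [aes128_encrypt_block(key, blk) for blk in inputs]
    in_hd = [hamming(inputs[i], inputs[i + 1]) for i in range(n - 1)]
    out_hd = [hamming(outputs[i], outputs[i + 1]) for i in range(n - 1)]
    return {
        "max_input_hd": max(in_hd),
        "min_output_hd": min(out_hd),
        "mean_output_hd": sum(out_hd) / len(out_hd),
        "input_bits_varying": bits_that_vary(inputs),
        "output_bits_varying": bits_that_vary(outputs),
    }


if __name__ == "__main__":
    # Constructed inputs: the FIPS-197 sample key and an all-zero nonce.
    for k, v in ctr_diffusion(bytes(range(16)), bytes(8), 256).items():
        print(f"{k}: {v}")
```

Over the first 256 counter values only the low 8 input bits ever change and neighbouring inputs differ in at most 8 bits (the 127 to 128 carry), yet every one of the 128 output bits changes somewhere in the run and neighbouring keystream blocks differ in roughly 64 bits, which is what Pintér's point about the rounds already doing the diffusion predicts. This shows the absence of a visible low-weight correlation at the block level; it is not a proof of anything stronger, and the implementation here is a teaching aid, not one to deploy.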



