[Cryptography] [Crypto-practicum] Justify the sequence of operations in CTR mode.
Ron Garret
ron at flownet.com
Thu Feb 11 16:43:07 EST 2016
On Feb 11, 2016, at 1:27 PM, Ray Dillinger <bear at sonic.net> wrote:
> I propose instead "CXR mode", defined as
>
> Ciphertext = E(counter XOR Plaintext, key)
Or maybe:
Ciphertext = E(hash(counter+key) XOR plaintext, key)
Something about the (counter XOR Plaintext) makes me queasy, though I can’t offhand put my finger on what it is.
But do you really need non-malleability at the level of an encryption block? Why is it not enough to use an authenticated encryption mode with the authenticator applied to a disk block? That would seem to me to defeat the malleability attack you’re suggesting while maintaining random access.
rg
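
An added example, not part of the original message: a sketch of the suggestion above, keeping CTR-style encryption but authenticating each disk block as a unit. It assumes HMAC-SHA256 as a stand-in for both the block cipher E and the authenticator, a constructed 64-byte sector size, and hypothetical function names.

```python
import hashlib
import hmac

SECTOR = 64  # constructed sector size; real disks use 512 or 4096 bytes

def keystream(enc_key, sector_no, length):
    # Stand-in for E(counter, key): HMAC-SHA256 over (sector number, block counter).
    out, ctr = b"", 0
    while len(out) < length:
        msg = sector_no.to_bytes(8, "big") + ctr.to_bytes(8, "big")
        out += hmac.new(enc_key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def ctr_xor(enc_key, sector_no, data):
    # CTR mode: encryption and decryption are the same XOR with the keystream.
    return bytes(a ^ b for a, b in zip(data, keystream(enc_key, sector_no, len(data))))

def sector_tag(mac_key, sector_no, ct):
    # The tag covers the sector number, so a sector moved elsewhere also fails.
    return hmac.new(mac_key, sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()

def seal_sector(enc_key, mac_key, sector_no, plaintext):
    ct = ctr_xor(enc_key, sector_no, plaintext)
    return ct, sector_tag(mac_key, sector_no, ct)

def open_sector(enc_key, mac_key, sector_no, ct, tag):
    if not hmac.compare_digest(sector_tag(mac_key, sector_no, ct), tag):
        raise ValueError("sector %d failed authentication" % sector_no)
    return ctr_xor(enc_key, sector_no, ct)

def flip_bit(buf, i, bit):
    return buf[:i] + bytes([buf[i] ^ (1 << bit)]) + buf[i + 1:]

def demo():
    enc_key = hashlib.sha256(b"constructed enc key").digest()
    mac_key = hashlib.sha256(b"constructed mac key").digest()
    sectors = [bytes([n]) * SECTOR for n in range(4)]  # constructed disk contents
    disk = [seal_sector(enc_key, mac_key, n, p) for n, p in enumerate(sectors)]
    # Random access: sector 2 opens without touching any other sector.
    random_access_ok = open_sector(enc_key, mac_key, 2, *disk[2]) == sectors[2]
    tampered = flip_bit(disk[1][0], 5, 0)
    # Bare CTR: a flipped ciphertext bit becomes the same flipped plaintext bit.
    malleable = ctr_xor(enc_key, 1, tampered) == flip_bit(sectors[1], 5, 0)
    try:
        open_sector(enc_key, mac_key, 1, tampered, disk[1][1])
        detected = False
    except ValueError:
        detected = True
    return random_access_ok, malleable, detected
```

The per-sector tag has to be stored somewhere outside the sector, and rewriting a sector under the same counter would reuse keystream; the sketch handles neither.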