[Cryptography] [Crypto-practicum] Justify the sequence of operations in CTR mode.
Ron Garret
ron at flownet.com
Thu Feb 11 18:41:38 EST 2016
On Feb 11, 2016, at 2:35 PM, Ray Dillinger <bear at sonic.net> wrote:
>
>
> On 02/11/2016 01:43 PM, Ron Garret wrote:
>
>> On Feb 11, 2016, at 1:27 PM, Ray Dillinger <bear at sonic.net> wrote:
>
>>> I propose instead "CXR mode", defined as
>>>
>>> Ciphertext = E(counter XOR Plaintext, key)
>>
>> Or maybe:
>>
>> Ciphertext = E(hash(counter+key) XOR plaintext, key)
>>
>> Something about the (counter XOR Plaintext) makes me queasy, though I can’t offhand put my finger on what it is.
>
> In order to exploit any properties about counter XOR plaintext, the
> attacker would have to be able to spot patterns in plaintext by
> looking at the ciphertext, or predict patterns in ciphertext based
> on known properties of plaintext.
Aha, I just figured out what made me queasy about it.
If part of my cleartext happens to be a numerical sequence, then simply xoring with a counter will expose that because the result will be a sequence of identical blocks. If I xor with a keyed hash of the counter then the probability that this will happen is negligible.
rg
More information about the cryptography
mailing list