[Cryptography] Shortening block cipher length...
Natanael
natanael.l at gmail.com
Sat Jul 17 20:11:16 EDT 2021
On Sun, 18 July 2021 at 01:18, Ray Dillinger <bear at sonic.net> wrote:
>
>
> Counter mode, classically, is P XOR E(Ctr) = C. Using the same set
> of operations the same number of times each you can implement a clearly
> superior counter mode E(P XOR Ctr) = C. This second mode suffers none
> of the above indignities and makes no sacrifice in efficiency. It
> dominates the original XOR counter mode in security vs. efficiency,
> requiring no new operations. Therefore there is no excuse for using the
> original XOR counter mode ever again.
>
XOR is not a good combiner here for a plain counter; P XOR Ctr exposes if
the plaintext iterates (or rather decreases) by the same value as the
counter in between blocks. If P goes down by one and Ctr up by one, C is
identical for the two blocks.
Either the counter must be pseudorandom or you must use a different
combiner like a keyed permutation (double block cipher invocation per
message block).
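The following is an added example, not part of the thread or either poster's code: it runs the two constructions from the exchange above on one constructed pair of blocks where P drops by one while Ctr rises by one, and compares them with a keyed-permutation mask on the counter. Assumptions: `E` is a stand-in 4-round Feistel permutation built on HMAC-SHA256 (not AES), `masked_counter` is one possible reading of the "double block cipher invocation" suggestion, and all keys, plaintext values and function names are constructed for the illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes, i.e. a 128-bit block

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function: truncated HMAC-SHA256 over round index and half block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in keyed permutation (Feistel network), used in place of a real cipher."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def to_block(n: int) -> bytes:
    return n.to_bytes(BLOCK, "big")

def classic_ctr(key, blocks, ctr0):
    # C_i = P_i XOR E(Ctr_i)
    return [_xor(to_block(p), E(key, to_block(ctr0 + i)))
            for i, p in enumerate(blocks)]

def xor_then_encrypt(key, blocks, ctr0):
    # C_i = E(P_i XOR Ctr_i), with a plain incrementing counter
    return [E(key, to_block(p ^ (ctr0 + i))) for i, p in enumerate(blocks)]

def masked_counter(key, mask_key, blocks, ctr0):
    # C_i = E(P_i XOR E'(Ctr_i)): the counter passes through a second
    # keyed permutation first, so two cipher calls per block (assumed reading).
    return [E(key, _xor(to_block(p), E(mask_key, to_block(ctr0 + i))))
            for i, p in enumerate(blocks)]

def has_repeat(cipher_blocks) -> bool:
    # True when any two ciphertext blocks are byte-for-byte identical.
    return len(set(cipher_blocks)) != len(cipher_blocks)

# Constructed sample: P goes 0x1001 -> 0x1000 while Ctr goes 0x40 -> 0x41,
# so P XOR Ctr is 0x1041 for both blocks.
KEY, MASK_KEY = b"constructed key 1", b"constructed key 2"
PLAIN, CTR0 = [0x1001, 0x1000], 0x40

if __name__ == "__main__":
    print("E(P XOR Ctr) repeats:    ", has_repeat(xor_then_encrypt(KEY, PLAIN, CTR0)))
    print("P XOR E(Ctr) repeats:    ", has_repeat(classic_ctr(KEY, PLAIN, CTR0)))
    print("E(P XOR E'(Ctr)) repeats:", has_repeat(masked_counter(KEY, MASK_KEY, PLAIN, CTR0)))
```

In this sample the counter's low bit is 0 and the plaintext's low bit is 1, so the increment and the decrement each flip only that bit and the XOR is unchanged.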