Cryptography Reference
In-Depth Information
2.2.5 Counter Mode (CTR)
The plaintext
x
is split into
x
n
, and the ciphertext
y
is the concate-
nation of blocks which are obtained iteratively. We use a sequence
t
1
,...,
-bit blocks
x
1
,...,
t
n
of counters
and the encryption is performed by
y
i
=
x
i
⊕
truncL
(
C
(
t
i
))
.
For a given key, all counters must be pairwise different. For this we can, for instance,
let
t
i
be equal to the binary representation of
t
1
+
1) so that each
t
i
“counts” the
block sequence. The initial counter
t
1
can either be equal to the latest used counter
value stepped by one unit or include a nonce which is specific to the plaintext. In the
latter case nonces must be pairwise different.
(
i
−
In Fig. 2.11 the CTR mode with
set to the block length of
C
is depicted.
2.3
Multiple Encryption
DES relies on a secret key of 56 effective bits, which is rather short. To
strengthen its security, people suggested to use multiple DES encryption with several
keys.
2.3.1 Double Mode
A first proposal was to use a double mode following the regular product cipher:
Enc
=
C
k
1
◦
C
k
2
One security problem is that we may face meet-in-the-middle attacks (see Section 2.9.5).
For this reason double modes are not recommended.
x
1
x
2
x
3
x
n
···
t
1
t
2
t
3
t
n
C
C
C
C
⊕
⊕
⊕
⊕
y
1
y
2
y
3
y
n
···
Figure 2.11.
CTR mode with
set to the block length.
Search WWH ::
Custom Search