You could, of course, define a stream cipher that allows optional padding,
but that sort of defeats the purpose. The principal benefit of a stream cipher
is that you can transmit data as soon as it becomes available and not wait for
an entire block.
Counter (CTR) mode, illustrated in Figure 9-1, is similar to OFB, but instead
of encrypting an initialization vector over and over again, it encrypts a
monotonically increasing sequence called a nonce and XORs the result with the
plaintext to produce the ciphertext. This approach has an advantage over CBC
and OFB because it's infinitely parallelizable. If you have 10 dedicated AES
chips that can each encrypt a block in a single clock cycle, you can encrypt 10
blocks in a single clock cycle with CTR mode; this is not the case with CBC and
OFB because the final output of each block depends on all of the blocks that
preceded it. Additionally, if you lose one block somewhere in the middle, you
can't recover the following block if you're using CBC or OFB, but you can
recover it with CTR mode.
[Diagram: nonce 0001, nonce 0002, ..., nonce 000n each pass through AES Encrypt;
the results are combined with input block 1, input block 2, ..., input block n
to give output block 1, output block 2, ..., output block n]
Figure 9-1: Counter mode encryption
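The block independence described above, as an added example that is not from the book and is not its Listing 9-12: a CTR routine decrypts the third block on its own, without the first two ever being supplied. `toy_encrypt` is a non-cryptographic stand-in for the AES block call, and the 12-byte nonce plus 32-bit big-endian counter layout, the function names and the sample data are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLOCK 16
/* Stand-in for one AES block encryption. NOT AES and NOT secure: it only
 * gives a deterministic keyed 16-byte output so the mode logic can run. */
static void toy_encrypt(const uint8_t *in, uint8_t *out, const uint8_t *key)
{
    uint32_t s = 2166136261u;
    for (int i = 0; i < BLOCK; i++)          /* absorb counter block and key */
        s = (s ^ in[i] ^ ((uint32_t)key[i] << 8)) * 16777619u;
    for (int i = 0; i < BLOCK; i++) {        /* squeeze 16 output bytes */
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        out[i] = (uint8_t)(s >> 8);
    }
}

/* CTR: keystream block = E(nonce || counter); output = input XOR keystream.
 * `counter` belongs to the first block of `in`. Assumed layout: 12-byte
 * nonce followed by a 32-bit big-endian counter. */
void ctr_xcrypt(const uint8_t *in, size_t len, uint8_t *out,
                const uint8_t *nonce, uint32_t counter, const uint8_t *key)
{
    uint8_t ctr[BLOCK], ks[BLOCK];
    memcpy(ctr, nonce, 12);
    for (size_t off = 0; off < len; off += BLOCK, counter++) {
        for (int b = 0; b < 4; b++)          /* write counter big-endian */
            ctr[12 + b] = (uint8_t)(counter >> (24 - 8 * b));
        toy_encrypt(ctr, ks, key);           /* independent of other blocks */
        size_t n = (len - off < BLOCK) ? len - off : BLOCK;
        for (size_t i = 0; i < n; i++)       /* short last block: no padding */
            out[off + i] = in[off + i] ^ ks[i];
    }
}

/* Constructed sample: two full blocks plus an 8-byte tail (40 bytes). */
static const uint8_t KEY[BLOCK] = "constructed-key";
static const uint8_t NONCE[12] = "nonce-12byt";
static const uint8_t MSG[40] = "block one 16 by|block two 16 by|tail 8b";

/* Returns 1 if block 3 decrypts correctly without blocks 1 and 2. */
int recover_third_block_alone(void)
{
    uint8_t ct[40], pt3[8];
    ctr_xcrypt(MSG, 40, ct, NONCE, 1, KEY);      /* sender: counters 1..3 */
    ctr_xcrypt(ct + 32, 8, pt3, NONCE, 3, KEY);  /* receiver: counter 3 only */
    return memcmp(pt3, MSG + 32, 8) == 0;
}
```

Because encryption and decryption are the same XOR against the keystream, one routine serves both directions, and the same nonce and counter pair must never be used for two different messages under one key.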
Listing 9-12 illustrates how to modify the AES-CBC sample from Listing 2-42
to work in CTR mode.
Listing 9-12: AES-CTR mode
void aes_ctr_encrypt( const unsigned char *input,
                      int input_len,
                      unsigned char *output,
                      void *iv,
                      const unsigned char *key )
{
  unsigned char *nonce = ( unsigned char * ) iv;
(Continued)
 