Cryptography Reference
In-Depth Information
Encryption proceeds as follows:
1. The initial value in the top register is the initial counter value. This value is the
same for both the sender and the receiver and plays the same role as the IV in
CFB (and CBC) mode.
2. As for CFB mode, encrypt the contents of the top register (the counter value)
with the key and place the result in the bottom register.
3. As for CFB mode, take the first plaintext block
P
1
and XOR this to the contents
of the bottom register. The result of this is
C
1
, our first block of ciphertext.
4. Send
C
1
to the receiver and update the counter, placing the new counter value
into the top register (thus the counter update replaces the ciphertext feedback
in CFB mode). Now repeat from step 2. Continue in this manner until the last
plaintext block has been added to the contents of the bottom register and
passed on to the receiver.
Thus CTR mode does not have message dependency (a ciphertext block does not
depend on the previous plaintext blocks) but it does have positional dependency
since a ciphertext block depends on the position of the current plaintext block
within the message.
Decryption, which is similar to encryption, proceeds as follows:
5. Start by placing the initial counter value in the top register.
6. As for CFB mode, encrypt the contents of the top register (the counter value)
with the key and place the result in the bottom register.
7. As for CFBmode, take the first ciphertext block
C
1
and XOR this to the contents
of the bottom register. The result of this is
P
1
, our first block of plaintext.
8. Update the counter, placing the new counter value in the top register.
9. Now repeat from step 6. Continue in this manner until the last ciphertext block
has been added to the contents of the bottom register to generate the last
plaintext block.
Thus, just like CFB mode, CTR mode does not involve the decryption process of
the block cipher. This is because, just like CFBmode, CTRmode is really using the
block cipher to generate a keystream, which is encrypted using the XOR function.
In other words, CTR mode also converts a block cipher into a type of stream
cipher.
PROPERTIES OF CTR MODE
The most obvious disadvantage of CTR mode is that it requires a synchronous
counter. If this counter loses synchronisation then the subsequent plaintexts are
all incorrectly recovered.
However, CTR mode preserves most of the other advantages of CFB mode.
In addition it has some significant advantages over CFB mode and the other two
modes of operation:
Error propagation
. Like a dedicated stream cipher, CTR mode has the advantage
that there is no error propagation. If a 1-bit error occurs in transmission then
