Cryptography Reference
In-Depth Information
all encryptions done with the same key. To achieve this we use an “incrementing
function” which is called after encrypting each block in order to obtain the counter
for the next block. We will use the so-called 32-bit incrementing function which adds
1 to the counter modulo $2^{32}$, where the counter is viewed as a 16-digit number in
base 256, in big-endian order, i.e., with the most significant byte first. Therefore, the
32-bit incrementing function only modifies the last four bytes of the counter—that
initially are all zero—and cycles among all the possible values of these 4 bytes. We
could instead add modulo $2^{128}$—as indicated in our previous description of CTR—
so that the counter values would cycle among $2^{128}$ possible ones, but this is not
really necessary. The 32-bit version provides for $2^{32}$ different counter values each
of which is used to encrypt one $2^{4}$-byte block. This means that the plaintext can
have up to $2^{36}$ bytes (64 gibibytes, close to 69 gigabytes) without any counter value
being repeated during encryption. This is more than enough since Maple's list size
limit imposes a maximum plaintext size of $2^{26} - 4$ bytes, i.e., about 67 MB. It is
possible to modify the implementation to allow for larger plaintexts but, given other
realistic space-time constraints, there would be little point in doing so. Bearing these
considerations in mind, the incrementing function is the following:
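> inc32 := proc(count)
    # count holds the counter block as a two-dimensional array; its last
    # four bytes are count[0, 3] to count[3, 3], least significant last.
    local i;
    i := 3;
    # Propagate the carry: a byte equal to 255 becomes 0 and the carry
    # moves to the next more significant byte.
    while count[i, 3] = 255 do
      count[i, 3] := 0;
      i := i-1 mod 4
    end do;
    count[i, 3] := count[i, 3] + 1
  end proc: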
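The same 32-bit incrementing rule, as an added Python example (not the book's Maple code), applied to a flat 16-byte counter block and combined with a guard that refuses to generate more than $2^{32}$ counters under one IV. The names `counter_blocks` and `max_plaintext_bytes` and the sample IV prefix are assumptions made for the illustration.

```python
# Added example: 32-bit incrementing function for a 16-byte CTR counter block.
BLOCK_BYTES = 16                    # AES block size, 2**4 bytes
CTR_BYTES = 4                       # only the last four bytes are incremented
MAX_BLOCKS = 2 ** (8 * CTR_BYTES)   # 2**32 distinct counter values


def inc32(counter: bytes) -> bytes:
    """Add 1 modulo 2**32 to the last four bytes, read as big-endian."""
    if len(counter) != BLOCK_BYTES:
        raise ValueError("counter block must be 16 bytes")
    block = bytearray(counter)
    i = BLOCK_BYTES - 1                      # least significant byte
    while i >= BLOCK_BYTES - CTR_BYTES:
        if block[i] != 0xFF:
            block[i] += 1                    # no carry left: done
            break
        block[i] = 0                         # 255 + 1 wraps, carry moves left
        i -= 1
    # If all four bytes were 0xFF the field is now zero again; the first
    # twelve bytes are never touched.
    return bytes(block)


def counter_blocks(iv: bytes, n_blocks: int):
    """Yield n_blocks successive counters, refusing a run that would repeat one."""
    if len(iv) != BLOCK_BYTES or iv[-CTR_BYTES:] != bytes(CTR_BYTES):
        raise ValueError("IV must be 16 bytes with the last four set to zero")
    if n_blocks > MAX_BLOCKS:
        raise ValueError("more than 2**32 blocks would repeat a counter value")
    counter = iv
    for _ in range(n_blocks):
        yield counter
        counter = inc32(counter)


def max_plaintext_bytes() -> int:
    """Largest plaintext that never reuses a counter: 2**32 blocks of 2**4 bytes."""
    return MAX_BLOCKS * BLOCK_BYTES


if __name__ == "__main__":
    iv = bytes(range(12)) + bytes(4)         # constructed sample IV
    for c in counter_blocks(iv, 3):
        print(c.hex())
    print(max_plaintext_bytes())
```

Because a repeated counter under the same key repeats the keystream, the length check belongs before the first block is encrypted, not after a wrap has already occurred.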
4.5.1.2 The Low Level Encryption/Decryption Function
The function that implements OFB and CTR modes (for both encryption and decryption)
is given next. It has four input parameters which are, in order: the AES key
(either a list of bytes or a hex string), the plaintext or ciphertext given as a list of
bytes, the name of the mode (either OFB or CTR) and, finally, the IV given either as
a list of bytes or a hex string. The message is a list of bytes because this function will
be called from other higher-level functions—which will be given later—to encrypt
and decrypt messages in other formats. The first three parameters are required and
the last, i.e., the one corresponding to the IV, may be omitted. If four arguments are
provided, then the function encrypts, otherwise it decrypts (note that the IV is not
necessary for decryption as it is included in the ciphertext).
The key should be randomly chosen and the IV may also be randomly chosen,
although we will later give an alternative way to generate it.
> AESModes := proc(key, bytelist::list, mode::name, iv::list)
local k, ek, inv, states, len, i, kst, count;
uses ListTools;
k := checkkey(key);
ek := KeyExpansion(k);
if nargs = 4 then
inv := checkkey(iv);
 