Cryptography Reference
In-Depth Information
used when their clocks show the same time) to perform encryptions with the same
key, but we will assume that this is not the case.
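> nonce := proc(n::posint)
    local l, r;
    # l: six timestamp values (year, month, day, hour, minute, second)
    l := sscanf(StringTools:-FormatTime("%y%m%d%k%M%S"), "%2d%2d%2d%2d%2d%2d");
    # r: n-6 pseudo-random bytes in the range 0..255
    r := RandomTools:-Generate(list(nonnegint(range = 255), n-6));
    [op(l), op(r)]
end proc: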
The previous function will be optionally used not only for OFB mode but also
to set the initial value of the counter in CTR mode. The procedure we are going to
follow for this is similar to one suggested in [68]. At the start of each CTR encryption,
the initial counter will be obtained by calling nonce(12) and completing it with
four zeros on the right to make a 16-byte block. The function that selects the IV for
OFB and CTR modes is then the following:
> selectiv := proc()
[op(nonce(12)), 0$4]
end proc:
An example of several IVs for OFB or CTR modes is then the following:
> for i to 6 do
    selectiv()
end do;
[10, 7, 28, 16, 46, 24, 92, 246, 238, 121, 44, 223, 0, 0, 0, 0]
[10, 7, 28, 16, 46, 24, 5, 225, 186, 43, 99, 37, 0, 0, 0, 0]
[10, 7, 28, 16, 46, 24, 196, 26, 95, 16, 231, 228, 0, 0, 0, 0]
[10, 7, 28, 16, 46, 24, 89, 250, 161, 17, 179, 55, 0, 0, 0, 0]
[10, 7, 28, 16, 46, 24, 170, 82, 24, 89, 92, 59, 0, 0, 0, 0]
[10, 7, 28, 16, 46, 24, 220, 141, 49, 122, 174, 7, 0, 0, 0, 0]
Note that, as these IVs were all generated in the same second, the timestamp parts,
i.e., the first six bytes are all the same, but the pseudo-random parts (the next six
bytes) take care of making the IVs distinct. Observe also that if actual encryptions
are performed and the IV is generated just when performing these encryptions, the
timestamp part of each of these IVs would be different if no two encryptions are
performed in the same second.
We have already given the incrementing function that will generate the subsequent
counter values but we also have to bear in mind that, since the counter is initialized by
using the nonce each time the CTR encryption function is called, one has to ensure
not only that the value returned by the nonce function never repeats—as already
discussed—and that the counter value never repeats during one encryption, but also
that no repeated counter values arise during different encryptions with the same key.
We leave this as an exercise for the reader.
Exercise 4.12 Show that, in practice (taking into account the maximum size of a
Maple list), one will never obtain a repeated counter value during CTR encryptions
if the initial counter is selected with selectiv and increased with inc32.
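The IV layout and the counter-reuse condition discussed above, as an added Python sketch that is not the book's Maple code. It assumes inc32 adds 1 to the last four bytes read as a big-endian 32-bit integer modulo 2^32 (inc32 is not shown in this section), uses os.urandom in place of RandomTools:-Generate, and introduces the hypothetical helpers counter_blocks and reused_blocks.

```python
import os
import time

def nonce(n=12):
    """Six timestamp bytes (yy, mm, dd, HH, MM, SS) followed by n-6 random bytes."""
    if n < 6:
        raise ValueError("n must be at least 6 to hold the timestamp")
    t = time.localtime()
    stamp = [t.tm_year % 100, t.tm_mon, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec]
    return stamp + list(os.urandom(n - 6))

def selectiv():
    """12-byte nonce completed with four zero bytes: the initial counter block."""
    return nonce(12) + [0] * 4

def inc32(block):
    """Assumed inc32: increment the last four bytes (big-endian) modulo 2**32."""
    ctr = (int.from_bytes(bytes(block[-4:]), "big") + 1) % 2**32
    return list(block[:-4]) + list(ctr.to_bytes(4, "big"))

def counter_blocks(iv, nblocks):
    """Counter blocks consumed by one CTR encryption of nblocks blocks."""
    if nblocks > 2**32:
        # Past this point the 32-bit counter wraps and repeats within one message.
        raise ValueError("more than 2**32 blocks would wrap the 32-bit counter")
    out, block = [], list(iv)
    for _ in range(nblocks):
        out.append(tuple(block))
        block = inc32(block)
    return out

def reused_blocks(messages):
    """Counter blocks that occur more than once across (iv, nblocks) pairs
    encrypted under the same key; an empty set means no keystream reuse."""
    seen, dup = set(), set()
    for iv, nblocks in messages:
        for b in counter_blocks(iv, nblocks):
            (dup if b in seen else seen).add(b)
    return dup
```

Because inc32 only touches the last four bytes, two encryptions can share a counter block only if their 12-byte nonces are equal, which is why the uniqueness of the nonce carries the whole argument.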