Re: ECB-Counter AES mode

Karl Malbrain <malbrain@xxxxxxxxx> wrote:

Is there an obvious weakness I'm overlooking in empressing a
sequential counter value over the plain text block with XOR prior to
AES encryption and removing the counter value after AES decryption?

Yes. A message consisting of two blocks which differ only in the least
significant bit has probability 1/2 of encrypting to two equal
ciphertext blocks with a uniformly distributed initial counter. If the
initial counter isn't uniformly distributed, one can improve on this.

On the other hand, if you encrypt the counter and XOR it with the
plaintext, you get counter mode which is provably secure.

-- [mdw]
.

Relevant Pages

  • Re: ECB-Counter AES mode
    ... counter value over the plain text block with XOR prior to AES encryption and ... removing the counter value after AES decryption? ... studied encryption modes have been rejected in favour of a home grown mode. ... Designing secure encryption modes is _really_ hard so it should be a truly last resort, embarked on only when existing respected modes have been shown not to meet some essential application security requirement. ...
    (sci.crypt)
  • Re: ECB-Counter AES mode
    ... counter value over the plain text block with XOR prior to AES encryption and ... removing the counter value after AES decryption? ... well studied encryption modes have been rejected in favour of a home grown mode. ...
    (sci.crypt)
  • Re: ECB-Counter AES mode
    ... counter value over the plain text block with XOR prior to AES encryption and ... removing the counter value after AES decryption? ... well studied encryption modes have been rejected in favour of a home grown mode. ...
    (sci.crypt)
  • Re: ECB-Counter AES mode
    ... counter value over the plain text block with XOR prior to AES encryption and removing the counter value after AES decryption? ...
    (sci.crypt)
  • Re: ECB-Counter AES mode
    ... counter value over the plain text block with XOR prior to AES encryption and ... removing the counter value after AES decryption? ...
    (sci.crypt)
Loading