Re: ECB-Counter AES mode
- From: Mark Wooding <mdw@xxxxxxxxxxxxxxxx>
- Date: Sat, 29 Nov 2008 12:32:53 +0000 (UTC)
Karl Malbrain <malbrain@xxxxxxxxx> wrote:
Yes, taking a sequential counter and encrypting it (e.g. CTR mode) then
encrypting the CTR mode result would avoid the problems with plain-old CTR
mode.
Huh? What problems with plain-old CTR mode? CTR mode is IND-CPA with a
secure PRP. The only problems I know of are chosen-ciphertext attacks
and lack of plaintext integrity. These problems have the same solution:
authenticate the ciphertext.
Re-encrypting the CTR-mode output provides a minimal level of protection
in the case where you're sufficiently stupid to reuse a counter value.
-- [mdw]
.
- Follow-Ups:
- Re: ECB-Counter AES mode
- From: John E. Hadstate
- Re: ECB-Counter AES mode
- References:
- ECB-Counter AES mode
- From: Karl Malbrain
- Re: ECB-Counter AES mode
- From: David Eather
- Re: ECB-Counter AES mode
- From: Karl Malbrain
- Re: ECB-Counter AES mode
- From: John E. Hadstate
- Re: ECB-Counter AES mode
- From: Karl Malbrain
- ECB-Counter AES mode
- Prev by Date: Re: Advice needed - Disseminating My Crypto Research Work.
- Next by Date: Re: ECB-Counter AES mode
- Previous by thread: Re: ECB-Counter AES mode
- Next by thread: Re: ECB-Counter AES mode
- Index(es):
