Corpus ID: 6372895

Next Counter Function Block Cipher Key Initial Counter

David A. McGrew
In this document we describe Counter Mode (CM) and its security properties, reviewing relevant cryptographic attacks and system security aspects. This mode is well understood and can be implemented securely. However, we show that attacks using precomputation can be used to lower the security level of AES-128 CM below the recommended strength for ciphers if the initial counter value is predictable. For this reason, AES-128 CM counter values should contain a 64-bit unpredictable field. We…
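The precomputation attack the abstract refers to, and the effect of the recommended unpredictable field, as an added example written for this page (not code from McGrew's paper). It assumes one particular counter-block layout, a 64-bit unpredictable field followed by a 64-bit block index, and a constructed, deliberately reduced key space of 2^16 AES-128 keys so that the attacker's table builds instantly; the function and variable names are the example's own. With a predictable counter block every key encrypts the same input, so one table of E_K(cb) -> K is amortized over every session the attacker observes; once the field is random, the table no longer applies to the victim's first keystream block.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"math"
)

// Counter block layout assumed here (one of several in use): a 64-bit
// unpredictable field followed by a 64-bit block index.
func counterBlock(unpredictable, blockIndex uint64) []byte {
	cb := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(cb[:8], unpredictable)
	binary.BigEndian.PutUint64(cb[8:], blockIndex)
	return cb
}

// keystreamBlock returns E_K(cb), the block CM XORs with one plaintext block.
func keystreamBlock(key, cb []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, cb)
	return out
}

// ctrEncrypt is AES-CM: block i of the output is plaintext XOR E_K(cb_i); decryption is the same call.
func ctrEncrypt(key []byte, unpredictable uint64, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		ks := keystreamBlock(key, counterBlock(unpredictable, uint64(i/aes.BlockSize)))
		for j := i; j < len(plaintext) && j < i+aes.BlockSize; j++ {
			out[j] = plaintext[j] ^ ks[j-i]
		}
	}
	return out
}

// freshUnpredictable draws the 64-bit field from the OS CSPRNG.
func freshUnpredictable() uint64 {
	var b [8]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err)
	}
	return binary.BigEndian.Uint64(b[:])
}

// demoKey maps a 16-bit index to an AES-128 key. The constructed 2^16-key space is a
// demo simplification; against real keys the table holds 2^t random keys (see expectedHits).
func demoKey(idx uint16) []byte {
	key := make([]byte, 16)
	binary.BigEndian.PutUint16(key[14:], idx)
	return key
}

// precompute is the attacker's offline phase: E_K(cb) -> K over the demo key
// space for the one counter block cb the attacker can predict.
func precompute(cb []byte) map[[16]byte]uint16 {
	table := make(map[[16]byte]uint16, 1<<16)
	for i := 0; i < 1<<16; i++ {
		var ks [16]byte
		copy(ks[:], keystreamBlock(demoKey(uint16(i)), cb))
		table[ks] = uint16(i)
	}
	return table
}

// recoverKey is the online phase: a known plaintext/ciphertext block pair
// yields the keystream block, which is looked up in the table.
func recoverKey(table map[[16]byte]uint16, ptBlock, ctBlock []byte) (uint16, bool) {
	var ks [16]byte
	for i := range ks {
		ks[i] = ptBlock[i] ^ ctBlock[i]
	}
	k, ok := table[ks]
	return k, ok
}

// expectedHits: a 2^logTable-entry table against 2^logTargets keys that all encrypt the same counter block.
func expectedHits(logTargets, logTable, keyBits int) float64 {
	return math.Exp2(float64(logTargets + logTable - keyBits))
}

func main() {
	table := precompute(counterBlock(0, 0)) // attacker bets on an all-zero first block
	victim := demoKey(0xBEEF)
	pt := []byte("GET / HTTP/1.1\r\n") // constructed 16-byte known plaintext
	k, ok := recoverKey(table, pt, ctrEncrypt(victim, 0, pt))
	fmt.Printf("predictable counter: recovered=%v key=%#04x\n", ok, k)
	_, ok = recoverKey(table, pt, ctrEncrypt(victim, freshUnpredictable(), pt))
	fmt.Printf("random 64-bit field: recovered=%v\n", ok)
	fmt.Printf("2^32 keys, 2^64-entry table, AES-128: expected hits %g\n", expectedHits(32, 64, 128))
}
```

The table is built once and reused against every session: with a predictable first counter block, 2^d sessions and a 2^t-entry table yield about 2^(t+d-128) recovered AES-128 keys, which is the amortization that drops the effective strength below 128 bits. When the first block carries a field the attacker cannot predict, a table built for one field value says nothing about a session that used another, so the attacker is pushed back to per-key work.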

References

Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists
This work assesses the strength required of the symmetric cryptographic systems used for encrypting data, and of the public-key (asymmetric) systems used for managing the keys of those symmetric systems.

How to Forge DES-Encrypted Messages in $2^{28}$ Steps
Shows that the theoretical strength of a cipher cannot exceed the square root of the size of its key space, that some DES keys can be recovered while they are still in use, and that these keys can then be used to forge messages.

Attacks on Additive Encryption of Redundant Plaintext and Implications on Internet Security
Presents and analyzes attacks on additive stream ciphers that rely on linear equations which hold with non-trivial probability in plaintexts encrypted under distinct keys, and defines linear redundancy to characterize the vulnerability of a plaintext source to these attacks.

A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation
Studies notions and schemes for symmetric (i.e. private-key) encryption in a concrete security framework and analyzes the concrete complexity of reductions among them, providing both upper and lower bounds and obtaining tight relations.

A Software-Optimized Encryption Algorithm
Describes the software-efficient encryption algorithm SEAL 3.0, which stretches a 32-bit position index into a long pseudorandom string that can be used as the keystream of a Vernam cipher.

Real Time Cryptanalysis of A5/1 on a PC
Describes new attacks on A5/1 that exploit subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism and their frequent resets. Earlier attacks left A5/1 vulnerable only to hardware-based attacks by large organizations; these attacks are practical in software on a PC, so a single attacker can target many users.

A cryptanalytic time-memory trade-off
M. Hellman, IEEE Trans. Inf. Theory, 1980
Presents a probabilistic method that cryptanalyzes any $N$-key cryptosystem in $N^{2/3}$ operations with $N^{2/3}$ words of memory, after a precomputation requiring $N$ operations. The method works as a chosen-plaintext attack and can also be used in a ciphertext-only attack.

Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
Shows that a combination of the two approaches gives an improved time/memory/data tradeoff for stream ciphers of the form $TM^2D^2 = N^2$ for any $D^2 \le T \le N$.

Applied Cryptography: Protocols, Algorithms, and Source Code in C
Bruce Schneier, 1995

Specification for the Advanced Encryption Standard (AES), FIPS 197
U.S. National Institute of Standards and Technology, 2001