Cryptology ePrint Archive: Report 2020/331

The CTR mode with encrypted nonces and its extension to AE

Sergey Agievich

Abstract: In the modified CTR (CounTeR) mode known as CTR2, nonces are encrypted before constructing sequences of counters from them. This way we have only probabilistic guarantees for non-overlapping of the sequences. We show that these guarantees, and therefore the security guarantees of CTR2, are strong enough in two standard scenarios: random nonces and non-repeating nonces. We also show how to extend CTR2 to an authenticated encryption mode which we call CHE (Counter-Hash-Encrypt). To extend, we use one invocation of polynomial hashing and one additional block encryption.

Category / Keywords: secret-key cryptography / CTR mode, authenticated encryption, block cipher, polynomial hashing, gamma overlapping

Original Publication (with minor differences): Preproceeding of CTCrypt'19, 8th Workshop on Current Trends in Cryptology (June 4-7, 2019, Svetlogorsk, Russia)

Date: received 17 Mar 2020, last revised 10 Sep 2020

Contact author: agievich at bsu by

Available format(s): PDF | BibTeX Citation

Note: Fix typos plus minor clarifications.

Version: 20200910:112116 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]