Paper 2020/331

The CTR mode with encrypted nonces and its extension to AE

Sergey Agievich

Abstract

In the modified CTR (CounTeR) mode known as CTR2, nonces are encrypted before constructing sequences of counters from them. This way we have only probabilistic guarantees for non-overlapping of the sequences. We show that these guarantees, and therefore the security guarantees of CTR2, are strong enough in two standard scenarios: random nonces and non-repeating nonces. We also show how to extend CTR2 to an authenticated encryption mode which we call CHE (Counter-Hash-Encrypt). To extend, we use one invocation of polynomial hashing and one additional block encryption.

Note: Fix typos plus minor clarifications.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. Preproceeding of CTCrypt'19, 8th Workshop on Current Trends in Cryptology (June 4-7, 2019, Svetlogorsk, Russia)
Keywords
CTR modeauthenticated encryptionblock cipherpolynomial hashinggamma overlapping
Contact author(s)
agievich @ bsu by
History
2020-09-10: last of 2 revisions
2020-03-17: received
See all versions
Short URL
https://ia.cr/2020/331
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/331,
      author = {Sergey Agievich},
      title = {The {CTR} mode with encrypted nonces and its extension to {AE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/331},
      year = {2020},
      url = {https://eprint.iacr.org/2020/331}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.