AES-CTR (streaming encryption) mode 1-bit change in plaintext 1-bit in encrypted text?

Question

AES-CTR (streaming encryption) mode 1-bit change in plaintext 1-bit in encrypted text?

From what I understand, in a stream cipher (or AES CTR mode), the key is actually encrypted using IV (or in general, we create pseudorandom bytes from the K key). Then we use this key to encrypt plaintext with XOR.

But from what I understand, assuming that the same key K is used, changing one bit in plaintext only changes 1 bit of ciphertext.

Am I right, or did I understand that this is completely wrong?

And if I'm right, is it no less secure than CBC? (Since in CBC a single bit is changed in plaintext, all bits in the ciphertext are changed from point a)

Thank!!!

+3

cryptography encryption block-cipher stream-cipher

TCS Nov 26 '10 at 15:41

source share

4 answers

, , CTR , AEAD, CCM GCM.

+4

James K Polk 26 . '10 17:19

CTR, , . , , , .

+3

caf 27 . '10 8:35

Yes you are right. Except that the key is not encrypted, but the IV (counter) is encrypted using the key. This approach allows random access to the encrypted stream (since the counter is known for each piece of data).

+1

Nickolay Olshevsky Nov 26 '10 at 15:48

source share

Giacomo Verticale · Accepted Answer · 2010-11-26T17:40:49+0000

Apparently, the CTR mode violates the Shannon diffusion principle , since changing bits in the text text only slightly changes the result. However, this is only part of the story. In fact, you must also change the IV for each message. Therefore, many bits will change in the next message, even if you change only one bit in plain text or even if the message remains the same.

, , CTR, CBC , , @GregS, , CCM, GCM EAX.

AES-CTR (streaming encryption) mode 1-bit change in plaintext 1-bit in encrypted text?

More articles: