Re: Core draft last call update.

To: Wei Dai <weidai%eskimo.com@localhost>
Subject: Re: Core draft last call update.
From: Bill Sommerfeld <sommerfeld%east.sun.com@localhost>
Date: Wed, 13 Mar 2002 18:33:34 -0500

> What about the proposed language I sent earlier? It already specifies
> everything needed for CTR mode.

It needs to be turned into a stand-alone internet-draft.

> For any cipher in CTR mode, the counter used to encrypt each plaintext
> block MUST be the IV if no previous plaintext block exists, or C+1 mod 2^N
> where C is the counter used to encrypt the previous block, and N is the
> block size of the cipher in bits.  Network order SHOULD be used to convert
> the counter between its octet string form and its integer form for the
> computation of C+1 mod 2^N. 

so:

The size of the IV is left unspecified.

The text "the counter used to encrypt each plaintext block" is
unspecified, and could mean any of:

	C[n] = ECB-Encrypt(ctr++, P[n]);
	C[n] = P[n] ^ ECB-Encrypt(K, ctr++);
	C[n] = P[n] ^ ctr++;

Also left underspecified is the block size of the mode (i.e., in terms
of how the transport layer pads out messages to the block size);
fundamentally there's no reason why this has to be the same as the
underlying cipher block size, but if they're different, you need to
specify whether or not partial blocks get carried over from message to
message.

				- Bill

Follow-Ups:
- Re: Core draft last call update.
  - From: Wei Dai

References:
- Re: Core draft last call update.
  - From: Wei Dai

Prev by Date: Re: Core draft last call update.
Next by Date: WG LAST CALL: SECSH Public Key File Format
Previous by Thread: Re: Core draft last call update.
Next by Thread: Re: Core draft last call update.
Indexes:

Home | Main Index | Thread Index | Old Index