2

I'm using a 64-bit nonce (incremented between the streams) and a 64-bit counter (incremented within a stream) for AES in CTR mode. How many different key streams can I produce with this setup?

Paŭlo Ebermann
goldroger
  • Do you mean how many different keystreams or how many bits (or bytes) in a single keystream (for a fixed nonce and key)? – mikeazo Jul 31 '12 at 13:05
  • how many different keystreams – goldroger Jul 31 '12 at 13:37
  • Is the key fixed? Is the nonce incremented for each stream, or does it get chosen randomly? – CodesInChaos Jul 31 '12 at 14:11
  • @CodesInChaos, the key is fixed, the nonce incremented for each stream. Ex: this is my nonce = aaaaaaaaaaaaaaaa, this is the counter = 0000000000000001; in the next stream the counter will increment, 0000000000000002 – goldroger Jul 31 '12 at 14:41

1 Answer

3

The number of different key streams depends on the keysize used and the number of bits in the nonce. Say you are using an $n$ bit key and $k$ bits for your nonce. Then the theoretical maximum number of keystreams is $2^n\cdot 2^k=2^{n+k}$ since each combination of nonce and key should result in a different keystream.

If you limit the length of your keystreams, however, this changes. Say you only want $128$-bit keystreams, but you use a $256$-bit key and a $64$-bit nonce. There will only be $2^{128}$ different key streams.

So, if your keystreams are $s$ bits long, you use an $n$ bit key, and a $k$ bit nonce, then really, the number of possible key streams is $\min(2^{s}, 2^{n+k})=2^{\min(s,n+k)}$.

Update
Based on the comment that the key is fixed, this changes the analysis. Since there is only one key it becomes $\min(2^{s}, 2^{k})=2^{\min(s,k)}$. The above analysis is for a randomly chosen key.

mikeazo
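The fixed-key count from the answer can be checked exhaustively on a scaled-down CTR layout. This is an added example, not code from the question or the answer. It assumes a toy 8-bit block made of a 4-bit nonce followed by a 4-bit counter, and a seeded shuffle standing in for AES (hypothetical and not secure); all names and parameters are illustrative.

```python
import random

NONCE_BITS = 4      # k in the answer (the question uses 64)
COUNTER_BITS = 4    # per-stream block counter (the question uses 64)
BLOCK_BITS = NONCE_BITS + COUNTER_BITS  # toy 8-bit block (AES uses 128)

def toy_block_cipher(key):
    """Keyed permutation of all 8-bit blocks: a stand-in for AES, not secure."""
    table = list(range(1 << BLOCK_BITS))
    random.Random(key).shuffle(table)
    return table

def keystream(perm, nonce, s_bits):
    """First s_bits of the CTR keystream E(nonce||0), E(nonce||1), ..."""
    bits = ""
    counter = 0
    while len(bits) < s_bits:
        if counter >= 1 << COUNTER_BITS:
            # Wrapping the counter would repeat earlier counter blocks.
            raise ValueError("counter exhausted for this nonce")
        block = (nonce << COUNTER_BITS) | counter  # nonce || counter
        bits += format(perm[block], f"0{BLOCK_BITS}b")
        counter += 1
    return bits[:s_bits]

def count_keystreams(key, s_bits):
    """Distinct s-bit keystreams over every nonce, for one fixed key."""
    perm = toy_block_cipher(key)
    return len({keystream(perm, n, s_bits) for n in range(1 << NONCE_BITS)})

if __name__ == "__main__":
    for s in (1, 2, 3, 8, 16, 128):
        bound = 2 ** min(s, NONCE_BITS)
        found = count_keystreams(0xC0FFEE, s)  # constructed sample key
        print(f"s={s:3d}  distinct={found:2d}  2^min(s,k)={bound}")
```

For streams shorter than one block the count can fall below $2^{\min(s,k)}$ because truncated outputs may collide; once a stream covers at least one full block, every nonce yields a distinct keystream and the count is exactly $2^k$.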