AES-CTR
E42568
AES-CTR is a widely used symmetric-key encryption mode that turns the AES block cipher into a fast, parallelizable stream cipher by encrypting successive counter values and XORing them with the plaintext.
Aliases (2)
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf |
block cipher mode of operation
→
stream cipher mode → symmetric-key encryption mode → |
| advantage |
high performance in software
→
no padding required → simple implementation → |
| basedOnPrimitive |
block cipher
→
|
| blockSize |
128 bits
→
|
| ciphertextExpansion |
none
→
|
| classification |
stream-cipher-like mode
→
|
| decryptionProcess |
encrypts same counter values with AES and XORs with ciphertext
→
|
| disadvantage |
catastrophic failure on nonce reuse
→
no built-in authentication → |
| encryptionProcess |
encrypts successive counter values with AES and XORs with plaintext
→
|
| encryptionType |
symmetric-key
→
|
| errorPropagation |
limited to corrupted blocks
→
|
| firstStandardizedYear |
2001
→
|
| fullName |
Advanced Encryption Standard Counter Mode
→
|
| introducedBy |
NIST
→
|
| isDeterministicWithFixedNonceAndKey |
true
→
|
| isParallelizable |
true
→
|
| isRandomAccess |
true
→
|
| isSelfSynchronizing |
false
→
|
| IVLength |
variable
→
|
| IVType |
nonce
→
|
| IVUniquenessRequired |
true
→
|
| keySizesSupported |
128 bits
→
192 bits → 256 bits → |
| operationMode |
counter mode
→
|
| providesConfidentiality |
true
→
|
| providesIntegrity |
false
→
|
| relatedMode |
AES-CCM
→
AES-GCM → |
| requiresIV |
true
→
|
| requiresMACForIntegrity |
true
→
|
| securityDependsOn |
AES security
→
nonce uniqueness → |
| standardizedIn |
NIST SP 800-38A
→
|
| supportsParallelDecryption |
true
→
|
| supportsParallelEncryption |
true
→
|
| supportsPrecomputation |
true
→
|
| useCase |
disk encryption (with tweaks)
→
high-throughput encryption → network protocols → parallel hardware implementations → |
| usedIn |
IPsec (in some profiles)
→
SSH (in some cipher suites) → TLS (in some cipher suites) → |
| usesCipher |
AES
→
|
| vulnerableIfNonceReused |
true
→
|
Referenced by (3)
| Subject (surface form when different) | Predicate |
|---|---|
|
ChaCha20
→
|
comparedWith |
|
AES-CTR
("Advanced Encryption Standard Counter Mode")
→
|
fullName |
|
Secure Real-time Transport Protocol
("AES-CM")
→
|
typicalCipherMode |