Understanding Cryptography by Christof Paar and Jan Pelzl - Chapter 5 Solutions - Ex5.9
- 2 mins- Return to index
- Exercise 5.1
- Exercise 5.2
- Exercise 5.3
- Exercise 5.4
- Exercise 5.5
- Exercise 5.6
- Exercise 5.7
- Exercise 5.8
- Exercise 5.9
- Exercise 5.10
- Exercise 5.11
- Exercise 5.12
Exercise 5.9
We are using AES in counter mode for encrypting a hard disk with 1 TB of capacity. What is the maximum length of the IV?
Note: TB normally refers to a Terabyte (which is \(10^9\) bytes). This answer does not coverge with the answer in the solution manual unless you define 1 TB as 1 Tebibyte (TiB), which is \(2^{40}\) bytes.
Solution
This solution is verified as correct by the official Solutions for Odd-Numbered Questions manual.
Asking what the maximum length of the IV can be is equivalent to asking for the minimum length of the counter value bits. The total number of bits to be input into the cryptographic primitive is 128. As such, we need to calculate how many counter values we need to encrypt 1 TiB of data. This will allow us to calculate the number of bits needed for the counter. Subtracting this number will give us the maximum number of bits available for the IV.
First we work out how many blocks are needed:
\[2^{43}\,\mathsf{plaintext bits} \div 128\,\mathsf{bits/block} \\= 68,719,476,736 \,\mathsf{blocks}\]Note: It’s very easy to fall into the trap that there are \(2^{40}\) bits of plaintext. There are in fact \(2^{40} \times 8 = 2^{43}\) bits of plaintext, since 1 TiB is \(2^{40}\) bytes.
We will need one distinct counter value for each block, so we take this value \(log_2\) to work out the number of bits required for the counter:
\[log_2 68,719,476,736\,\mathsf{blocks} = 36\,\mathsf{bits}\]The number of bits required for the counter is therefore 36. These bits are also used to full capacity. One more bit of plaintext to be encrypted and we’d need another counter bit.
As such, the final thing to do is substract this from the total number of input bits available to determine the maximum number of IV bits that allows encryption of 1 TiB without cycles in the keystream.
\[128\,\mathsf{bits} - 36\,\mathsf{bits}= 92\,\mathsf{bits}\]As such, the maximum number of bits available for use as IV is 92.