Understanding Cryptography by Christof Paar and Jan Pelzl - Chapter 5 Solutions - Ex5.9

- 2 mins

Exercise 5.9

We are using AES in counter mode for encrypting a hard disk with 1 TB of capacity. What is the maximum length of the IV?

Note: TB normally refers to a Terabyte (which is bytes). This answer does not coverge with the answer in the solution manual unless you define 1 TB as 1 Tebibyte (TiB), which is bytes.


This solution is verified as correct by the official Solutions for Odd-Numbered Questions manual.

Asking what the maximum length of the IV can be is equivalent to asking for the minimum length of the counter value bits. The total number of bits to be input into the cryptographic primitive is 128. As such, we need to calculate how many counter values we need to encrypt 1 TiB of data. This will allow us to calculate the number of bits needed for the counter. Subtracting this number will give us the maximum number of bits available for the IV.

First we work out how many blocks are needed:

Note: It’s very easy to fall into the trap that there are bits of plaintext. There are in fact bits of plaintext, since 1 TiB is bytes.

We will need one distinct counter value for each block, so we take this value to work out the number of bits required for the counter:

The number of bits required for the counter is therefore 36. These bits are also used to full capacity. One more bit of plaintext to be encrypted and we’d need another counter bit.

As such, the final thing to do is substract this from the total number of input bits available to determine the maximum number of IV bits that allows encryption of 1 TiB without cycles in the keystream.

As such, the maximum number of bits available for use as IV is 92.

Thomas Busby

Thomas Busby

I write about computing stuff

comments powered by Disqus
rss facebook twitter github youtube mail spotify instagram linkedin google google-plus pinterest medium vimeo stackoverflow reddit quora