I am implementing a stream cipher in a microcontroller that only has an AES128 encryption block. According to this page, a block cipher based on an encryption only module can be converted into a stream cipher using CFB, OFB and CTR modes. Assuming I have a unique IV, which is the most robust method to use?
1 Answer
You should use CTR mode. You will not need to have a random IV every time; rather, you will use an incremental counter and set it to zero once you change the key. You should not encrypt more than $2^{n/2}$ blocks.
CTR mode allows both parallel encryption and decryption without padding. You can even precompute the CTR encryptions in idle time and just XOR them with the input stream to generate the ciphertext once required.
OFB mode has a cycle issue, and if the cycle is small, the generated key stream will start repeating itself.
In fact, you should use GCM to get authenticated encryption. See Disadvantages of various Authenticated modes of Operation or How to choose between CCM and GCM.
Here is a list of Advantages and Disadvantages of Modes of Operation.
For a good comparison of modes of operation, please see Evaluation of Some Blockcipher Modes of Operation.
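The following is an added example, not code from the question or the answer above: CTR mode built on nothing but an AES-128 block encrypt, which is the situation the question describes. The software AES-128 encrypt here stands in for the microcontroller's hardware block (an assumption; on the real part `aes128_encrypt_block` would be replaced by the peripheral call, and everything else stays the same). The function names are my own. The counter block is the full 128-bit block, incremented big-endian as in NIST SP 800-38A, and the self-test checks the first two blocks of the SP 800-38A F.5.1 CTR-AES128 vector plus a decrypt round trip on a partial final block, so a port to the hardware block can be validated the same way.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

static uint8_t sbox[256];

/* Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1. */
static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0)); }

/* Build the S-box at start-up: multiplicative inverse in GF(2^8), then the affine map. */
static void init_sbox(void) {
    uint8_t p = 1, q = 1;
    do {
        p ^= xtime(p);                                  /* p *= 3 (a generator) */
        q ^= q << 1; q ^= q << 2; q ^= q << 4;          /* q /= 3, so q = 1/p  */
        q ^= (q & 0x80) ? 0x09 : 0;
        uint8_t rot = q, x = q;
        for (int i = 0; i < 4; i++) { rot = (uint8_t)((rot << 1) | (rot >> 7)); x ^= rot; }
        sbox[p] = x ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;
}

/* AES-128 key schedule: 11 round keys, 176 bytes. */
static void key_expand(const uint8_t key[16], uint8_t rk[176]) {
    memcpy(rk, key, 16);
    uint8_t rcon = 1;
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4];
        memcpy(t, rk + i - 4, 4);
        if (i % 16 == 0) {                              /* RotWord, SubWord, Rcon */
            uint8_t tmp = t[0];
            t[0] = sbox[t[1]] ^ rcon; t[1] = sbox[t[2]]; t[2] = sbox[t[3]]; t[3] = sbox[tmp];
            rcon = xtime(rcon);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
    }
}

/* Encryption direction only: this is the one primitive the MCU provides (software stand-in here). */
static void aes128_encrypt_block(const uint8_t rk[176], const uint8_t in[16], uint8_t out[16]) {
    uint8_t s[16], t[16];
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int round = 1; round <= 10; round++) {
        /* SubBytes + ShiftRows on the column-major state: row r rotates left by r. */
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]];
        if (round != 10) {                              /* MixColumns, skipped in the last round */
            for (int c = 0; c < 4; c++) {
                uint8_t *col = t + 4 * c;
                uint8_t a0 = col[0], a1 = col[1], a2 = col[2], a3 = col[3], all = a0 ^ a1 ^ a2 ^ a3;
                col[0] ^= all ^ xtime(a0 ^ a1); col[1] ^= all ^ xtime(a1 ^ a2);
                col[2] ^= all ^ xtime(a2 ^ a3); col[3] ^= all ^ xtime(a3 ^ a0);
            }
        }
        for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[16 * round + i];
    }
    memcpy(out, s, 16);
}

/* Big-endian increment of the 128-bit counter block (SP 800-38A standard incrementing function). */
static void ctr_increment(uint8_t ctr[16]) {
    for (int i = 15; i >= 0; i--) if (++ctr[i]) break;
}

/* CTR encrypt and decrypt are the same operation: out = in XOR E_K(ctr), ctr++ per block.
   A counter block must never be reused under the same key; the caller owns that invariant. */
static void aes128_ctr_xcrypt(const uint8_t key[16], const uint8_t iv[16],
                              const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t rk[176], ctr[16], ks[16];
    init_sbox();
    key_expand(key, rk);
    memcpy(ctr, iv, 16);
    for (size_t off = 0; off < len; off += 16) {
        aes128_encrypt_block(rk, ctr, ks);              /* keystream block; could be precomputed */
        ctr_increment(ctr);
        size_t n = len - off < 16 ? len - off : 16;     /* partial last block needs no padding */
        for (size_t j = 0; j < n; j++) out[off + j] = in[off + j] ^ ks[j];
    }
}

/* Known-answer test: NIST SP 800-38A F.5.1 CTR-AES128.Encrypt, blocks 1 and 2,
   then decrypt a 27-byte prefix with the same call. Returns 1 on success, 0 on failure. */
int aes128_ctr_selftest(void) {
    static const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t iv[16]  = {0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff};
    static const uint8_t pt[32]  = {0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
                                    0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51};
    static const uint8_t ct[32]  = {0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
                                    0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff};
    uint8_t out[32], back[32];
    aes128_ctr_xcrypt(key, iv, pt, out, 32);
    if (memcmp(out, ct, 32) != 0) return 0;
    aes128_ctr_xcrypt(key, iv, out, back, 27);
    return memcmp(back, pt, 27) == 0;
}

int main(void) {
    printf("AES-128 CTR self-test: %s\n", aes128_ctr_selftest() ? "ok" : "FAILED");
    return 0;
}
```

Because each keystream block depends only on the key and the counter value, `aes128_encrypt_block` calls can be issued ahead of time and the XOR done when data arrives, which is the precomputation the answer refers to. The decrypt path is the same function, so the absence of an AES decrypt block costs nothing. What CTR does not give you is integrity: flipping a ciphertext bit flips the same plaintext bit, which is why the answer points at GCM, and a nonce-plus-counter that repeats under one key leaks the XOR of the two plaintexts.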