forked from Mirrors/freeswitch
1 line
14 KiB
Plaintext
1 line
14 KiB
Plaintext
|
Crypto Forum Research Group David A. McGrew
Internet Draft Cisco Systems, Inc.
Expires April, 2003 October, 2002
Integer Counter Mode
<draft-irtf-cfrg-icm-00.txt>
Status of this Memo
This document is an Internet Draft and is in full conformance with
all provisions of Section 10 of RFC-2026. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and working groups. Note that other groups may also distribute
working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
1. Abstract
This document specifies Integer Counter Mode (ICM), a mode of
operation of a block cipher which defines an indexed keystream
generator (which generates a keystream segment given an index).
This mode is efficient, parallelizable, and has been proven secure
given realistic assumptions about the block cipher. Test vectors
are provided for AES.
Counter Mode admits many variations. The variant specified in
this document is secure and flexible, yet it enables a single
implementation of a keystream generator to suffice in different
application domains.
McGrew [Page 1]
Internet Draft Integer Counter Mode October, 2002
2. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in RFC-2119 [B97].
3. Introduction
Counter Mode is a way to define a pseudorandom keystream generator
using a block cipher [CTR]. The keystream can be used for additive
encryption, key derivation, or any other application requiring
pseudorandom data.
In ICM, the keystream is logically broken into segments. Each
segment is identified with a segment index, and the segments have
equal lengths. This segmentation makes ICM especially appropriate
for securing packet-based protocols.
4. ICM
In this section, ICM keystream generation and encryption are
defined.
4.1. ICM Parameters
The following parameters are used in ICM. These parameters MUST
remain fixed for any given use of a key.
Parameter Meaning
-----------------------------------------------------------------
BLOCK_LENGTH the number of octets in the cipher block
KEY_LENGTH the number of octets in the cipher key
OFFSET_LENGTH the number of octets in the offset
SEGMENT_INDEX_LENGTH the number of octets in the segment index
BLOCK_INDEX_LENGTH the number of octets in the block index
4.2. Keystream Segments
Conceptually, ICM is a keystream generator that takes a secret key
and a segment index as an input and then outputs a keystream
segment. The segmentation lends itself to packet encryption, as
each keystream segment can be used to encrypt a distinct packet.
A counter is a value containing BLOCK_LENGTH octets which is
McGrew [Page 2]
Internet Draft Integer Counter Mode October, 2002
incremented using an increment function based on integer addition,
to produce a sequence of distinct values which are used as inputs to
the block cipher. (In the context of this specification, an integer
is an octet string, the most significant of which is the first.)
The output blocks of the cipher
|