[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IV sizes for AES candidates
In message <4.1.20000807155937.01ada840@diablo.cisco.com>, "James M. Polk" writ
es:
>--=====================_1659831==_.ALT
>Content-Type: text/plain; charset="us-ascii"
>
>
>Steve
>
>16 bytes for 128bit ciphertext blocksize, right? It should be 24 and 32 for
>192bit and 256bit, correct? Or is it always 16 (which I don't believe is
>correct)?
No, it's always 16 bytes for AES. The IV acts as a block of
psuedo-ciphertext for purposes of the CBC calculation; it has nothing
to do with key size. AES candidates all support 128, 192, and 256-bit
keys, but use with variable block sizes is not standard and isn't
supported by some of the finalists.
To review: in CBC, ciphertext block i is produced from plaintext block
i and ciphertext block i-1:
C_i = E(K, P_i ^ C_{i-1})
But how do you encrypt the first plaintext block P_i? The answer is to
use the IV: C_0 = IV.
--Steve Bellovin