[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IV sizes for AES candidates

In message <4.1.20000807155937.01ada840@diablo.cisco.com>, "James M. Polk" writ
>Content-Type: text/plain; charset="us-ascii"
>16 bytes for 128bit ciphertext blocksize, right? It should be 24 and 32 for
>192bit and 256bit, correct? Or is it always 16 (which I don't believe is

No, it's always 16 bytes for AES.  The IV acts as a block of 
psuedo-ciphertext for purposes of the CBC calculation; it has nothing 
to do with key size.  AES candidates all support 128, 192, and 256-bit 
keys, but use with variable block sizes is not standard and isn't 
supported by some of the finalists.

To review:  in CBC, ciphertext block i is produced from plaintext block 
i and ciphertext block i-1:

	C_i = E(K, P_i ^ C_{i-1})

But how do you encrypt the first plaintext block P_i?  The answer is to 
use the IV:  C_0 = IV.

		--Steve Bellovin