|
|
|
|
|
|
by rocqua
3233 days ago
|
|
|
AES in CTR mode does work like that. So do most stream ciphers. Differential cryptanalysis is not about defending against bit-flips. Instead, it is about comparing two cipher texts to learn something about the relation between corresponding plain-text. This is only possible on AES-CTR if you have to ciphertexts with the same key and nonce/IV. This is why a nonce is supposed to be used only once. Same goes for other xor based stream ciphers. |
|
|