Monday 23 February 2015

Do IVs need to be unpredictable?



I am encrypting a sequence of messages with AES/CTR. For each sequence, I generate a random initial IV, say IV(0). Define IV(i) = MD5(IV(i - 1)) for i = 1, ..., n. Then for each message m(i), I transmit IV(i) . e(key, IV(i), m(i)) over the channel, where . denotes the append operation and e(.) is the encryption function. In other words, the IV of each message is derived from the previous IV by applying a hash function, and I transmit the IVs along with the ciphertext. Therefore, the IVs are distinct (with high probability), but predictable if you have the previous one.


Is there any problem with this encryption scheme?
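An added example, not code from the question's author: it implements the IV chain exactly as described (IV(i) = MD5(IV(i-1)), a 16-byte digest filling a whole AES counter block) and then checks the property CTR mode actually depends on, which is that no two messages under one key ever consume the same counter block (predictability of the IV is not what CTR requires, uniqueness of every counter block is). It assumes the common convention that the 16-byte IV is the full initial counter block, incremented as a 128-bit big-endian integer modulo 2^128; the message lengths and IVs in the `__main__` section are constructed sample data.

```python
import hashlib

BLOCK = 16          # AES block size; an MD5 digest is also 16 bytes, so IV(i) fills one counter block
MOD = 1 << 128      # counter arithmetic is modulo 2^128 under the assumed convention


def derive_iv_chain(iv0: bytes, n: int) -> list:
    """IV(0) is random; IV(i) = MD5(IV(i-1)) for i = 1..n, as the question defines it."""
    assert len(iv0) == BLOCK
    ivs = [iv0]
    for _ in range(n):
        ivs.append(hashlib.md5(ivs[-1]).digest())
    return ivs


def counter_ranges(iv: bytes, msg_len: int) -> list:
    """Half-open integer intervals of the counter blocks a message of msg_len bytes consumes.
    A range that runs past 2^128 wraps to 0, so it is split in two to keep comparisons simple."""
    nblocks = -(-msg_len // BLOCK)                  # ceil(msg_len / 16)
    start = int.from_bytes(iv, "big")
    end = start + nblocks
    if end <= MOD:
        return [(start, end)]
    return [(start, MOD), (0, end - MOD)]


def find_counter_reuse(ivs: list, lengths: list):
    """Return (i, j) for the first pair of messages whose counter-block ranges overlap, else None.
    CTR keystream depends only on (key, counter block), so an overlap means two plaintext blocks
    were XORed with the same keystream. Distinct IVs alone do not rule this out: a long message
    i can run its counter into IV(j) of some other message j."""
    spans = []                                      # (message index, lo, hi) seen so far
    for i, (iv, msg_len) in enumerate(zip(ivs, lengths)):
        for lo, hi in counter_ranges(iv, msg_len):
            for j, jlo, jhi in spans:
                if lo < jhi and jlo < hi:           # the two intervals intersect
                    return (j, i)
            spans.append((i, lo, hi))
    return None


def chain_has_cycle(ivs: list) -> bool:
    """True if the MD5 chain repeats an IV, which would replay a whole keystream segment."""
    return len(set(ivs)) != len(ivs)


if __name__ == "__main__":
    import os
    chain = derive_iv_chain(os.urandom(BLOCK), 1000)          # constructed: 1001 messages
    print("cycle:", chain_has_cycle(chain),
          "overlap:", find_counter_reuse(chain, [4096] * len(chain)))   # constructed: 4 KiB each
```

With random 16-byte IVs the check practically never fires, but it is what a reviewer should verify before accepting any IV-derivation scheme for CTR, and it is where a 64-bit or 96-bit nonce with a short counter field would behave very differently.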




