# **Cross the Streams **

Counter mode has a number of advantages to CBC mode and, in our opinion, is significantly easier to understand than CBC mode. Also, while CTR is the traditional abbreviation, “CM” is a really nice set of initials. Although simple, the concept behind this mode can be a little counter-intuitive at first (yup). In CTR mode, you actually never use AES for encryption or decryption of the data. Instead, this mode generates a key stream that is the same length as the plaintext and then uses XOR to combine them together. Recall from earlier exercises in this chapter that XOR can be used to “mask” plaintext data by combining it with random data. The previous exercise masked 16 bytes of plaintext with 16 bytes of random data. This is a real form of encryption called a “one-time pad” (OTP) [11, Chap. 6]. It works great but requires that the key is the same size as the plaintext. We don’t have the space here to explore the OTP further; the important concept is that using XOR to combine plaintext and random data is a great way to create ciphertext. AES-CTR mimics this aspect of OTP. But instead of requiring the key to be the same size as the plaintext (a real pain when encrypting a 1TB file), it uses AES and a counter to generate a key stream of almost arbitrary length from an AES key as small as 128 bits. To do this, CTR mode uses AES to encrypt a 16-byte counter, which generates 16 bytes of key stream. To get 16 more bytes of key stream, the mode increases the counter by one and encrypts the updated 16 bytes. By continually increasing the counter and encrypting the result, CTR mode can produce an almost arbitrary amount of key stream material.11 Once a sufficient amount of key material is generated, the XOR operation is used to combine them together to produce the ciphertext.

Nielson, Seth James; Monson, Christopher K.. Practical Cryptography in Python: Learning Correct Cryptography by Example (pp. 122-123). Apress. Edição do Kindle.

In [8]:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend


import os

class EncryptionManager:
  def __init__(self):
      key = os.urandom(32)
      nonce = os.urandom(16)
      aes_context = Cipher(algorithms.AES(key),
                           modes.CTR(nonce),
                           backend=default_backend())
      self.encryptor = aes_context.encryptor()
      self.decryptor = aes_context.decryptor()

  def updateEncryptor(self, plaintext):
      return self.encryptor.update(plaintext)

  def finalizeEncryptor(self):
      return self.encryptor.finalize()

  def updateDecryptor(self, ciphertext):
      return self.decryptor.update(ciphertext)

  def finalizeDecryptor(self):
      return self.decryptor.finalize()

# Auto generate key/IV for encryption


manager = EncryptionManager()
plaintexts = [
    b"SHORT",
    b"MEDIUM MEDIUM MEDIUM",
    b"LONG LONG LONG LONG LONG LONG"
    ]

ciphertexts = []
for m in plaintexts:
    ciphertexts.append(manager.updateEncryptor(m))

ciphertexts.append(manager.finalizeEncryptor())

for c in ciphertexts:
    print("Recovered", manager.updateDecryptor(c))

print("Recovered", manager.finalizeDecryptor())


# Nielson, Seth James; Monson, Christopher K..
# Practical Cryptography in Python: Learning Correct Cryptography by Example (p. 127).
# Apress. Edição do Kindle.

Recovered b'SHORT'
Recovered b'MEDIUM MEDIUM MEDIUM'
Recovered b'LONG LONG LONG LONG LONG LONG'
Recovered b''
Recovered b''
