How to use AES-CTR with same IV in Python?
Question:
With the pycryptodome library, when encrypting with AES-CTR, the iv keyword argument is unavailable for MODE_CTR. I tried setting nonce to 0, but the second ciphertext is still different from the first ciphertext.
from Crypto.Cipher import AES
key = '1111111111111111'
message = 'Hello, world!'
cipher = AES.new(key, AES.MODE_CTR, nonce=b'0')
ciphertext1 = cipher.encrypt(message)
ciphertext2 = cipher.encrypt(message)
Answers:
You have to start afresh with a new instance, so:
cipher1 = AES.new(key, AES.MODE_CTR, nonce='0')
ct_1 = cipher1.encrypt(message)
cipher2 = AES.new(key, AES.MODE_CTR, nonce='0')
ct_2 = cipher2.encrypt(message)
Otherwise the offset will have progressed, and that means that you are encrypting with a different part of the generated key stream. After more than 16 bytes the counter will have progressed as well, and you are using key stream bits consisting of the next encrypted counter.
Remember that cipher instances are stateful. Fortunately they are also pretty lightweight, so re-instantiating a new one is next to harmless.
With the pycryptodome library, when encrypting with AES-CTR, the iv keyword argument is unavailable for MODE_CTR. I tried setting nonce to 0, but the second ciphertext is still different from the first ciphertext.
from Crypto.Cipher import AES
key = '1111111111111111'
message = 'Hello, world!'
cipher = AES.new(key, AES.MODE_CTR, nonce=b'0')
ciphertext1 = cipher.encrypt(message)
ciphertext2 = cipher.encrypt(message)
You have to start afresh with a new instance, so:
cipher1 = AES.new(key, AES.MODE_CTR, nonce='0')
ct_1 = cipher1.encrypt(message)
cipher2 = AES.new(key, AES.MODE_CTR, nonce='0')
ct_2 = cipher2.encrypt(message)
Otherwise the offset will have progressed, and that means that you are encrypting with a different part of the generated key stream. After more than 16 bytes the counter will have progressed as well, and you are using key stream bits consisting of the next encrypted counter.
Remember that cipher instances are stateful. Fortunately they are also pretty lightweight, so re-instantiating a new one is next to harmless.