Home/ Questions/Q 8506607
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T02:38:13+00:00

I have the following test application: import Codec.Crypto.AES import qualified Data.ByteString.Char8 as B key

  • 0

I have the following test application:

import Codec.Crypto.AES
import qualified Data.ByteString.Char8 as B

key = B.pack "Thisismykey....."

iv = B.pack "0000000000000001"

main = do 
     let myenc = crypt' CTR key iv Encrypt (B.pack "1234567812345678") 
     print (B.unpack myenc)

That prints the following result:
“\250\DC4\DC4\255\223\221C\ETBx\239sF\nuZu”

If I change the cleartext “1234567812345678” into “1234567812345688”
I get “\250\DC4\DC4\255\223\221C\ETBx\239sF\nuUu”

If I change the cleartext to “1134567812345678”
I get the output “\250\ETB\DC4\255\223\221C\ETBx\239sF\nuZu”

I am now very surprised since there is clearly a predictable correlation between the input and the output that IMHO should not happen. If I change something at the front of the cleartext then only the front of the output is affected etc.. Can it be that somehow has to do with 8 or 16 Byte boundaries of byte strings and how could I fix this? Is something misguiding me here?

Independent from the CTR mode it should be noticed that AES works with 4×4 byte arrays and the question is about the encryption of a single array. AES should to my understanding perform four rounds of mixing and the change of a single byte (out of 16) should result in at least 50% of the bits being different. Thus, it can in my opinion not be that changes at the end of a 16 byte cleartext change exactly the end of the cipher text and changes at the front change the front etc.. To my understanding the IV only comes into play as a counter when multiple 4×4 arrays are involved.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It has nothing to do with haskell.

    Read http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Initialization_vector_.28IV.29

    Since you are using the same IV to encrypt the message twice under CTR mode it is not secure.
    Read about cryptography algorithms and try to avoid writing your own crypto code as it is more likely to have security loopholes.

    The requirement of CTR mode is (key,IV) pair should be unique.
    The trivial solution would be generate a new IV for every new message you encrypt.

    [explanation of CTR mode security flaw]
    https://crypto.stackexchange.com/questions/2991/why-must-iv-key-pairs-not-be-reused-in-ctr-mode

    In CTR mode F(IV+counter,key) XOR Plaintext = CIPHER .. so if nonce and key remain same then F is same for both the plain text .. So If $C_1$ is cipher of $P_1$ and $C_2$ is cipher of $P_2$ then 

    xor($C_1$,$C_2$) = xor($P_1$,$P_2$) for same (key,IV) pair

    Supporting code :

    import Codec.Crypto.AES
import qualified Data.ByteString.Char8 as B
import qualified Data.ByteString as BS
import Data.Bits (xor) 

key = B.pack "Thisismykey....."

iv = B.pack "1234567891012131"
p1 =  (B.pack "1234567812345678") 
p2 =  (B.pack "1234567812345688") 
x = crypt' CTR key iv Encrypt p1 
y = crypt' CTR key iv Encrypt p2 

main = do 
     print $ BS.zipWith xor x y  
     print $ BS.zipWith xor p1 p2

    Output 

    [0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0]
[0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0]
    • 0