AES-CTR
What is AES-CTR?
AES-CTRA stream-cipher mode that turns AES into a keystream generator by encrypting an incrementing counter and XORing the output with the plaintext.
AES-CTR (Counter Mode) is a confidentiality-only mode standardised in NIST SP 800-38A. The cipher encrypts successive counter blocks (typically a 96-bit nonce concatenated with a 32-bit counter) and XORs the resulting keystream with the plaintext, allowing parallel encryption and random access. CTR provides no integrity by itself and is malleable: an attacker who flips a ciphertext bit flips the same plaintext bit. It must be combined with a MAC or used as the basis for AEAD modes such as GCM, EAX, and CCM. CTR is the workhorse of disk encryption, IPsec ESP, and TLS record protection when paired with authentication.
● Examples
- 01
AES-CTR is the encryption layer inside AES-GCM and AES-CCM.
- 02
Linux dm-crypt uses AES-CTR variants for full-disk encryption.
● Frequently asked questions
What is AES-CTR?
A stream-cipher mode that turns AES into a keystream generator by encrypting an incrementing counter and XORing the output with the plaintext. It belongs to the Cryptography category of cybersecurity.
What does AES-CTR mean?
A stream-cipher mode that turns AES into a keystream generator by encrypting an incrementing counter and XORing the output with the plaintext.
How does AES-CTR work?
AES-CTR (Counter Mode) is a confidentiality-only mode standardised in NIST SP 800-38A. The cipher encrypts successive counter blocks (typically a 96-bit nonce concatenated with a 32-bit counter) and XORs the resulting keystream with the plaintext, allowing parallel encryption and random access. CTR provides no integrity by itself and is malleable: an attacker who flips a ciphertext bit flips the same plaintext bit. It must be combined with a MAC or used as the basis for AEAD modes such as GCM, EAX, and CCM. CTR is the workhorse of disk encryption, IPsec ESP, and TLS record protection when paired with authentication.
How do you defend against AES-CTR?
Defences for AES-CTR typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for AES-CTR?
Common alternative names include: Counter Mode, AES-128-CTR, AES-256-CTR.
● Related terms
- cryptography№ 020
AES (Advanced Encryption Standard)
A NIST-standardized 128-bit block cipher with 128-, 192- or 256-bit keys, designed by Daemen and Rijmen and used as the dominant symmetric cipher worldwide.
- cryptography№ 023
AES-GCM
An authenticated encryption mode that combines AES in counter mode with a GHASH-based authentication tag for confidentiality and integrity in a single pass.
- cryptography№ 105
Block Cipher
A symmetric cipher that encrypts fixed-size blocks of plaintext with a secret key, usually combined with a mode of operation to handle data of arbitrary length.
- cryptography№ 1109
Stream Cipher
A symmetric cipher that encrypts data one bit or byte at a time by XORing it with a pseudorandom keystream derived from a key and nonce.
- cryptography№ 537
Initialization Vector (IV)
A randomized starting value for a block-cipher mode of operation that ensures identical plaintexts encrypted under the same key yield different ciphertexts.