Skip to main content

Counter Mode for Long Messages and a Long Nonce

  • 178 Accesses

Part of the Lecture Notes in Computer Science book series (LNCS,volume 13301)


This paper proposes “Compound-CTR” mode—a simple variation of Counter mode (CTR) with an n bits block cipher. Its goal is to increase the allowed length of a single message and the total number of messages that can be encrypted under a single key.

Compound-CTR encrypts a message and a (randomly chosen) nonce with length greater or equal n bits. It uses a master key to derive a nonce-based encryption key and subsequently uses it for encrypting the message in CTR mode.

We show how Compound-CTR mode achieves its goal and explain why it can be used as a valid variation of CTR mode that could be of interest in some practical scenarios. Compared to CTR mode, the overhead of Compound-CTR is only the per-message key derivation and one extra key expansion (for the block cipher). We show here key derivation options that require only a few extra block cipher calls.


  • Block ciphers
  • Modes of operation
  • Counter mode

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-031-07689-3_17
  • Chapter length: 8 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   79.99
Price excludes VAT (USA)
  • ISBN: 978-3-031-07689-3
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   99.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.


  1. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394–403. IEEE Computer Society (1997)

    Google Scholar 

  2. Dworkin, M.: SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST, November 2007.

  3. Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310–327. Springer, Heidelberg (2006).

    CrossRef  Google Scholar 

  4. Iwata, T., Mennink, B., Vizár, D.: CENC is optimally secure. Cryptology ePrint Archive, Report 2016/1087 (2016).

  5. Lucks, S.: The sum of PRPs Is a secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470–484. Springer, Heidelberg (2000).

    CrossRef  Google Scholar 

  6. Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). RFC 3610, September 2003.,

Download references


This research was supported by: NSF-BSF Grant 2018640; The Israel Science Foundation (grant No. 3380/19); The Center for Cyber Law and Policy at the University of Haifa, in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Shay Gueron .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Gueron, S. (2022). Counter Mode for Long Messages and a Long Nonce. In: Dolev, S., Katz, J., Meisels, A. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2022. Lecture Notes in Computer Science, vol 13301. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07688-6

  • Online ISBN: 978-3-031-07689-3

  • eBook Packages: Computer ScienceComputer Science (R0)