IV/Counter Help for AES-CTR

As a hobby right now, I am writing a fork of archive/zip to allow reading/writing of password protected .zip files that use WinZip’s AES encryption method http://www.winzip.com/aes_info.htm. There was a request for this feature here and on the golang issue tracker. But, I’ve hit a brick wall when it comes to the initialization vector used as input into AES-CTR. I’ve written a small demo that helps explain my problem: http://play.golang.org/p/YTByCFClJZ. You will have to run this outside of the playground for it to work. But that example successfully decrypts the contents “Hello World\r\n”.

My confusion comes from the lines:

```go
// Generate the IV (or counter?)
var iv [aes.BlockSize]byte
iv[0] = 1 // Why is this 1 instead of 0?!?!?!?
```

When I first implemented this I left off the iv[0]=1 which failed to decrypt the correct contents. It was just by chance that I decided to try out iv[0]=1 and it worked! The reason I’m confused is because all the information that I’ve read says that the IV (or counter) starts off at 0 not 1. See the 9th slide here: https://www.cs.jhu.edu/~astubble/dss/winzip.pdf. Maybe I have the IV and counter confused?

Anyone have any insights into this?

EDIT: I believe I have an answer to my question. I looked at the source for the DotNetZip library for C# to see how they do it. It looks like the IV is called “nonce” that they set to 1 and is concatenated together with an internal counter. I need to do some more testing to confirm.

Right - the IV starts with 1, and the counter starts at 0.

Nonce is a term I remember as “number only once” - or a number used only once. An IV is usually a nonce in practice.
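An added example, not part of the thread or of the poster's demo: it compares the `iv[0] = 1` approach from the question with a hand-rolled keystream, to show where the two stop agreeing. It assumes (this is not stated in the thread) that WinZip's 16-byte counter block is a little-endian integer starting at 1, whereas Go's `cipher.NewCTR` increments the IV as a big-endian integer; `winzipCTR` and `stdlibCTR` are hypothetical names and the key is constructed.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// winzipCTR XORs src with AES(counter), counter = little-endian 1, 2, 3, ... (assumed WinZip layout).
func winzipCTR(key, src []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	var ctr, ks [aes.BlockSize]byte
	dst := make([]byte, len(src))
	for off := 0; off < len(src); off += aes.BlockSize {
		for i := range ctr { // little-endian increment with carry
			if ctr[i]++; ctr[i] != 0 {
				break
			}
		}
		block.Encrypt(ks[:], ctr[:])
		for i := off; i < len(src) && i < off+aes.BlockSize; i++ {
			dst[i] = src[i] ^ ks[i-off]
		}
	}
	return dst, nil
}

// stdlibCTR is the question's approach: NewCTR with iv[0] = 1 (big-endian increment of the last byte).
func stdlibCTR(key, src []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	iv[0] = 1
	dst := make([]byte, len(src))
	cipher.NewCTR(block, iv).XORKeyStream(dst, src)
	return dst, nil
}

func main() {
	key, msg := bytes.Repeat([]byte{0x42}, 32), bytes.Repeat([]byte("A"), 40) // constructed inputs
	a, _ := winzipCTR(key, msg)
	b, _ := stdlibCTR(key, msg)
	fmt.Println(bytes.Equal(a[:16], b[:16]), bytes.Equal(a[16:], b[16:]))
}
```

Under that assumption the two functions agree on the first 16 bytes only, which is why a 13-byte test string such as “Hello World\r\n” decrypts correctly either way; a test file longer than one AES block is needed to tell them apart.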
