AES-CTR double encryption reverses the ciphertext to plaintext

Question

When I try to encrypt the ciphertext again with the same key, it produces the original plaintext.

Algoritm used is AES with COUNTER MODE. Key and IV remains the same.

Is this the way the algorithm is supposed to behave? And if, what is the use of Cipher.ENCRYTMODE which is to be given as the first parameter of Cipher.init()?

Here is the sample program with which I tested,

import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EncryptionTest {

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = null;
        IvParameterSpec ivSpec = null;
        byte[] keyBytes = "usethiskeyusethiusethiskeyusethi".getBytes();
        byte[] ivBytes = "usethisIusethisI".getBytes();
        key = new SecretKeySpec(keyBytes, "AES"); //No I18N
        ivSpec = new IvParameterSpec(ivBytes);

        Cipher AesCipher = Cipher.getInstance("AES/CTR/NoPadding");


        byte[] byteText = "Your Plain Text Here".getBytes();

        AesCipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
        byte[] byteCipherText = AesCipher.doFinal(byteText);
        System.out.println("Encrypted : " + new String(byteCipherText));

        AesCipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
        byte[] bytePlainText = AesCipher.doFinal(byteCipherText);
        System.out.println("Double Encrypted : " + new String(bytePlainText));
    }
}

There is no need for that to produce the original text. Please run the sample program. — Sudershan, Jun 25 '15 at 12:02
Your first version contained "Decrypted" instead of "Double Encrypted" — mp911de, Jun 25 '15 at 12:04
@Sudershan I get `java.security.InvalidKeyException: Illegal key size` trying to run this? — xrisk, Jun 25 '15 at 12:06
@RishavKundu By default java doesn't allow us to encrypt with a key more than 16 bytes.... — Sudershan, Jun 25 '15 at 12:09
@Sudershan http://crypto.stackexchange.com/questions/2314/does-encrypting-twice-using-the-same-block-cipher-produce-a-security-weakness — xrisk, Jun 25 '15 at 12:17
@RishavKundu I read that post before asking the question here. Just wanna make sure that javax.crypto AES-256 CTR behaves this way. And is there any work around which could prevent this. Thanks for your effort though. — Sudershan, Jun 25 '15 at 12:24

Artjom B. · Accepted Answer · 2015-06-25T12:40:33.643

Yes, that is expected behavior. The CTR mode of operation for block ciphers makes a stream cipher out of a block cipher. Since stream ciphers work in a way that they generate a keystream and XOR the keystream with the plaintext to produce the ciphertext:

plaintext XOR AES-CTR(nonce, key) = ciphertext

The XOR operation works in a way where XORing x with a key k twice results in x again:

x ^ k ^ k = x

This is the reason why encryption and decryption are exactly the same operation for block ciphers in CTR mode (sans nonce generation and putting it into the ciphertext).

If you don't want that the encryption and decryption algorithm are the same, then you should use a different mode such as CBC, but there is nothing wrong with this kind of thing.

Beware that for CTR mode to be secure, you have to use a different nonce/IV under the same key for every encryption.

AES-CTR double encryption reverses the ciphertext to plaintext

1 Answers1