Calculating ciphertext sizes

Robert J. Hansen rjh at
Tue Jul 12 01:06:10 CEST 2011

> At any rate, the mathematics table of predicting the output of each input,
> without compression or signing, would be very handy. Curious how you got
> the numbers from before.

AES is a 128-bit block cipher: it is incapable of producing outputs except in multiples of 128 bits (16 bytes).  ECB mode is the simplest of all cipher operation modes: you read a block of plaintext (in this case, 16 bytes), if you read less than a block you null-pad it out to a block, you encrypt it, you move to the next block of plaintext.  Hence, for a given size of plaintext, the AES-ECB output will be 16*ceil(size/16).

3DES is a 64-bit block cipher: ditto, except now it's 8 bytes.  If you're running it in CBC mode then your first block of output is actually the initialization vector you're using for the output stream.  So this will be 8*ceil(size/8) + 8, which I algebraically reduced to 8*(ceil(size/8) + 1).

A good crypto reference book (I'd recommend _The Handbook of Applied Cryptography_: it's old, but it's aged well) will describe the various operation modes.  Once you understand how the modes work and what the block size is of your cipher, you can start crunching the numbers.  The algebra is pretty simple, but understanding the modes and what kinds of output they create can sometimes be a pain in the posterior.  Some modes are very straightforward (ECB, CBC, etc.), and others are fairly complex.  I'll pay $5 to anyone who can recreate Sophie Germain Counter Mode [1] from memory.  ;)


More information about the Gnupg-users mailing list