
I'm implementing a parallel block cipher (Morus, to be precise) in CTR mode and I'd like to make it flexible with respect to the number of threads. It is not difficult per se, as I can partition the message and distribute chunks to any number of threads quite easily, since CTR mode permits an embarrassingly parallel implementation with basically no challenges. Let's say a user decides to encrypt their code with 2 threads, and let's say that my implementation assigns to every thread the same (IV, key) pair. The second half of the first chunk will be encrypted by a cipher whose internal state depends on the previous steps, i.e., initialization with IV+key and encryption of the first half of the chunk. Now, let's say that the same user attempts decrypting the same message with 4 threads. The second thread will tackle its chunk decryption (which is the second half of the first chunk from the encryption step) right after initialization with IV+key. So, it will decrypt that part of the message in a different state from the one in which it was encrypted. Will the decryption succeed? I think it won't, because that invisible internal state contributes to the output. So, if that is the case, how can I achieve my purpose? Should I initialize the cipher at every block encryption/decryption (so once every 16/32 bytes, multiple times per thread)? Any ideas?

Thank you in advance.
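Added example (not part of the question above): in CTR mode the keystream for byte position p depends only on (key, nonce, p // block_size), never on prior blocks, so any split of the message across threads must produce identical output. HMAC-SHA256 over nonce || counter stands in for the block cipher call E_K(nonce || counter) because the standard library has no AES, and the 8-byte nonce and 8-byte counter layout are assumptions for this demo.

```python
import hmac
import hashlib
from concurrent.futures import ThreadPoolExecutor

BLOCK = 32  # keystream bytes produced per counter value (SHA-256 digest size)


def keystream_block(key: bytes, nonce: bytes, index: int) -> bytes:
    """Keystream block `index`: PRF_K(nonce || counter). Stateless by design:
    no dependence on which blocks were processed before, or by which thread."""
    counter = index.to_bytes(8, "big")
    return hmac.new(key, nonce + counter, hashlib.sha256).digest()


def xor_at(key: bytes, nonce: bytes, offset: int, data: bytes) -> bytes:
    """XOR `data` with the keystream starting at absolute byte position `offset`.
    Works for chunks that start mid-block, so thread boundaries need not align."""
    out = bytearray(len(data))
    cached_idx, ks = -1, b""
    for j, b in enumerate(data):
        idx, off = divmod(offset + j, BLOCK)
        if idx != cached_idx:  # derive a new keystream block only when we cross one
            ks, cached_idx = keystream_block(key, nonce, idx), idx
        out[j] = b ^ ks[off]
    return bytes(out)


def ctr_xor(key: bytes, nonce: bytes, data: bytes, threads: int) -> bytes:
    """Encrypt or decrypt (same operation) using `threads` workers.
    Each worker gets its absolute start offset, not a fresh cipher state."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes in this layout")
    if not data:
        return b""
    size = -(-len(data) // threads)  # ceil division: bytes per worker
    jobs = [(start, data[start:start + size]) for start in range(0, len(data), size)]
    with ThreadPoolExecutor(max_workers=threads) as ex:
        parts = ex.map(lambda job: xor_at(key, nonce, job[0], job[1]), jobs)
    return b"".join(parts)


if __name__ == "__main__":
    key, nonce = b"k" * 32, b"n" * 8  # constructed demo values, not real keys
    msg = bytes(range(256)) * 3
    ct = ctr_xor(key, nonce, msg, 2)
    print(ctr_xor(key, nonce, ct, 4) == msg)  # True: thread count is irrelevant
```

Note that the nonce must never repeat under the same key: because the keystream is independent of the message, two messages under one (key, nonce) pair leak their XOR.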
