Would it, though? Either way you're operating in ECB mode with 2^32 or 2^64 values. Why is one more secure than the other?

EDIT: What I mean is you can do cypher = truncate(plain ^ AES(zero_extend(plain))).

▲ 201984 2 hours ago | parent [-]

>EDIT: What I mean is you can do cypher = truncate(plain ^ AES(zero_extend(plain))).

How would you decrypt that though? You truncated 3/4ths of the AES output needed to decrypt it.

I thought you were suggesting this:

  ciphertext = truncate(AES(key) ^ plaintext)

And in this case, since AES(key) does not depend on the plaintext, it would just be XOR by a constant.

	▲	fluoridation an hour ago \| parent [-]
		You're right, my bad. I guess if you have strict size requirements it does make sense to use small block sizes.