Posted: Fri Jul 16, 2010 8:09 am Post subject: AES / CBC decryption with known IV
If the IV in CBC mode is set to zero, does that help the attacker decrypt the ciphertext in any way?
One vulnerability I'm suspecting is that if each block of cipher text in CBC is represented as
Cn = Ek(Cn-1 ⊕ Pn)
Given that IV = 0, it may be possible to find the cipher text Cm such that
Cm = Ek(Pn)
(as if encrypted using ECB mode?)
Joined: 17 Apr 2003 Posts: 16777215 Location: Asheville, NC, US / Uberlāndia, MG, Brazil
Posted: Sun Sep 05, 2010 3:36 am Post subject: Re: AES / CBC decryption with known IV
Just to note, under the chosen-plaintext attack model, if an adversary knows, or can predict, the IV prior to choosing the plaintext, then CBC is insecure; this isn't good, since security against chosen-plaintext attacks is the basic requirement for confidentiality modes of operation, like CBC.
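The two points in this thread (a zero IV makes the first block C1 = Ek(P1), and a predictable IV breaks chosen-plaintext security) can be checked with the following added example, which is not part of the original posts. It assumes a stand-in block cipher `E` (a 4-round Feistel over HMAC-SHA256 in place of AES, so it runs with the standard library only); the key, the plaintext and the name `guess_confirmed` are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16
KEY = bytes(range(16))        # constructed demo key
ZERO_IV = bytes(BLOCK)
SECRET = b"PIN=4921;padding"  # constructed 16-byte plaintext block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, block):
    # Assumption: stand-in for AES, a keyed permutation on 16-byte blocks
    # (4-round Feistel with HMAC-SHA256 as round function). Demo only.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt(key, iv, plaintext):
    # C_n = E_k(C_{n-1} XOR P_n) with C_0 = IV; plaintext is block-aligned.
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = E(key, xor(prev, plaintext[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def guess_confirmed(key, iv_seen, c_seen, iv_predicted, iv_actual, guess):
    # Chosen-plaintext check: the probe is built from the IV the caller
    # expects the next encryption to use. If that prediction is right, the
    # IVs cancel and E_k sees (guess XOR iv_seen), so the first ciphertext
    # block repeats exactly when guess equals the earlier plaintext block.
    probe = xor(xor(guess, iv_seen), iv_predicted)
    return cbc_encrypt(key, iv_actual, probe)[:BLOCK] == c_seen[:BLOCK]

if __name__ == "__main__":
    c_seen = cbc_encrypt(KEY, ZERO_IV, SECRET)
    print("C1 == E_k(P1) with zero IV:", c_seen == E(KEY, SECRET))
    print("fixed IV, right guess:",
          guess_confirmed(KEY, ZERO_IV, c_seen, ZERO_IV, ZERO_IV, SECRET))
    print("fixed IV, wrong guess:",
          guess_confirmed(KEY, ZERO_IV, c_seen, ZERO_IV, ZERO_IV, b"PIN=0000;padding"))
    fresh = os.urandom(BLOCK)  # unpredictable IV chosen after the probe is fixed
    print("random IV, right guess:",
          guess_confirmed(KEY, ZERO_IV, c_seen, ZERO_IV, fresh, SECRET))
```

With a fresh random IV per message the prediction fails and the comparison carries no information, which is why CBC needs an unpredictable IV rather than a constant one.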