Cryptography Reference
In-Depth Information
...
x
1
x
2
x
3
x
n
C
C
C
C
y
1
y
2
y
3
y
n
...
Figure 2.5.
ECB mode.
Information Leakage by Block Collisions
If two plaintext blocks are equal (say
x
i
=
x
j
), then the two corresponding ciphertext
blocks are equal. The equality relation is an information which leaks.
This would not be a problem if the plaintext blocks were totally random as the
probability of equalities would be reasonably low. However, real plaintexts have lots of
redundancy in practice, so equalities are frequent.
Integrity Issues
Although encryption is assumed to protect confidentiality, and not integrity, a third
party can intercept the ciphertext and permute two blocks. The legitimate recipient of
the modified ciphertext will decrypt the message correctly and obtain two permuted
plaintext blocks.
Similarly, a block can be deleted, replaced by another one,
etc.
The plaintext is
thus easily malleable by an adversary.
2.2.2 Cipher Block Chaining (CBC)
The plaintext
x
is split into 64-bit blocks
x
1
,...,
x
n
, and the ciphertext
y
is the concate-
nation of blocks which are obtained iteratively. We have an initial vector IV which is a
fake initial block. As illustrated in Fig. 2.6, encryption is performed by the following
rules.
x
=
x
1
||
x
2
||···||
x
n
y
0
=
IV
y
i
=
C
(
y
i
−
1
⊕
x
i
)
y
=
y
1
||
y
2
||···||
y
n
CBC decryption is easily performed by the following rules.
y
=
y
1
||
y
2
||···||
y
n
y
0
=
IV
C
−
1
(
y
i
)
x
i
=
y
i
−
1
⊕
x
=
x
1
||
x
2
||···||
x
n
Search WWH ::
Custom Search