Cryptography Reference
In-Depth Information
we would encrypt each block, say, 1000 times, this would not prevent the attack. It
should be stressed, however, that this is not an attack that breaks the block cipher
itself. Messages that are unknown to Oscar still remain confidential. He simply re-
placed parts of the ciphertext with some other (previous) ciphertexts. This is called
a violation of the
integrity
of the message. There are available techniques for pre-
serving the integrity of a message, namely message authentication codes (MACs)
and digital signatures. Both are widely used in practice to prevent such an attack,
and are introduced in Chaps. 10 and 12. Also, the Galois Counter mode, which is
described below, is an encryption mode with a built-in integrity check. Note that this
attack only works if the key between bank A and B is not changed too frequently.
This is another reason why frequent key freshness is a good idea.
We now look at another problem posed by the ECB mode.
Example 5.2. Encryption of bitmaps in ECB mode
Figure 5.3 clearly shows a major disadvantage of the ECB mode: Identical plaintexts
are mapped to identical ciphertexts. In case of a simple bitmap, the information (text
in the picture) can still be read out from the encrypted picture even though we used
AES with a 256-bit key for encryption. This is because the background consists of
only a few different plaintext blocks which yields a fairly uniformly looking back-
ground in the ciphertext. On the other hand, all plaintext blocks which contain part
of the letters result in random-looking ciphertexts. These random-looking cipher-
texts are clearly distinguishable from the uniform background by the human eye.
Fig. 5.3
Image and encrypted image using AES with 256-bit key in ECB mode
