Cryptography Reference
In-Depth Information
Problems
5.1. Consider the storage of data in encrypted form in a large database using AES.
One record has a size of 16 bytes. Assume that the records are not related to one
another. Which mode would be best suited and why?
5.2. We consider known-plaintext attacks on block ciphers by means of an exhaustive
key search where the key is k bits long. The block length counts n bits with
n > k.
1. How many plaintexts and ciphertexts are needed to successfully break a block
cipher running in ECB mode? How many steps are done in the worst case?
2. Assume that the initialization vector IV for running the considered block cipher
in CBC mode is known. How many plaintexts and ciphertexts are now needed to
break the cipher by performing an exhaustive key search? What is the maximum
number of steps now required? Briefly describe the attack.
3. How many plaintexts and ciphertexts are necessary, if you do not know the IV?
4. Is breaking a block cipher in CBC mode by means of an exhaustive key search
considerably more difficult than breaking an ECB mode block cipher?
5.3. In a company, all files which are sent on the network are automatically encrypted
by using AES-128 in CBC mode. A fixed key is used, and the IV is changed
once per day. The network encryption is file-based, so that the IV is used at the
beginning of every file.
You managed to spy out the fixed AES-128 key, but do not know the recent IV.
Today, you were able to eavesdrop two different files, one with unidentified content
and one which is known to be an automatically generated temporary file and only
contains the value 0xFF. Briefly describe how it is possible to obtain the unknown
initialization vector and how you are able to determine the content of the unknown
file.
5.4. Keeping the IV secret in OFB mode does not make an exhaustive key search
more complex. Describe how we can perform a brute-force attack with unknown IV.
What are the requirements regarding plaintext and ciphertext?
5.5. Describe how the OFB mode can be attacked if the IV is not different for each
execution of the encryption operation.
5.6. Propose an OFB mode scheme which encrypts one byte of plaintext at a time,
e.g., for encrypting key strokes from a remote keyboard. The block cipher used is
AES. Perform one block cipher operation for every new plaintext byte. Draw a block
diagram of your scheme and pay particular attention to the bit lengths used in your
diagram (cf. the description of a byte mode at the end of Sect. 5.1.4).
5.7. As is so often true in cryptography, it is easy to weaken a seemingly strong
scheme by small modifications. Assume a variant of the OFB mode by which we
only feed back the 8 most significant bits of the cipher output. We use AES and fill
the remaining 120 input bits to the cipher with 0s.
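Why the 8-bit feedback in Problem 5.7 is weak, as an added example that is not part of the original problem set: after the first block the cipher input can take only 256 values, so the keystream must cycle within 257 blocks. AES is replaced here by a truncated HMAC-SHA256 stand-in (an assumption, so the block runs with the standard library only), the feedback byte is assumed to occupy the top byte of the cipher input, and the function names, key and IV are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes (128 bits)

def stand_in_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES_k(block): HMAC-SHA256 truncated to 128 bits (assumption)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def weak_ofb_keystream(key: bytes, iv: bytes, nblocks: int) -> list:
    """Keystream blocks of the variant: only the top 8 output bits are fed back."""
    x, blocks = iv, []
    for _ in range(nblocks):
        s = stand_in_cipher(key, x)
        blocks.append(s)
        # Next cipher input: feedback byte followed by 120 zero bits
        # (the byte position is an assumption; the page does not fix it).
        x = s[:1] + bytes(BLOCK - 1)
    return blocks

def find_cycle(blocks: list):
    """Return (start, period): block index whose feedback byte recurs, and the gap."""
    seen = {}
    for i, s in enumerate(blocks):
        fb = s[0]  # the 8 most significant bits of the cipher output
        if fb in seen:
            return seen[fb], i - seen[fb]
        seen[fb] = i
    return None  # cannot happen once 257 or more blocks are examined

# Constructed sample key and IV.
KEY = bytes(range(16))
IV = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    ks = weak_ofb_keystream(KEY, IV, 6400)  # 6400 blocks = 100 kByte of keystream
    start, period = find_cycle(ks)
    print(f"feedback byte first recurs after block {start}, period {period} blocks")
    print(f"{len(set(ks))} distinct keystream blocks out of {len(ks)}")
```

The periodicity depends only on the 8-bit feedback state, not on the cipher, so the same bound holds with real AES in place of the stand-in.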