# Understanding Cryptography by Christof Paar and Jan Pelzl - Chapter 5 Solutions - Ex5.5

- 1 min- Return to index
- Exercise 5.1
- Exercise 5.2
- Exercise 5.3
- Exercise 5.4
- Exercise 5.5
- Exercise 5.6
- Exercise 5.7
- Exercise 5.8
- Exercise 5.9
- Exercise 5.10
- Exercise 5.11
- Exercise 5.12

## Exercise 5.5

Describe how the OFB mode can be attacked if the IV is not different for each execution of the encryption operation.

### Solution

*This solution is verified as correct by the official Solutions for Odd-Numbered Questions manual.*

Assuming that the key remains the same, encrypting with the same IV will produce the exact same keystream as previous encryptions.

If no plaintext/ciphertext pairs are known, then there’s no way to use this fact to attack the cipher. However, if you have a chosen plaintext for a given block in message , this can be XORed with the known ciphertext to derive the keystream for that block. The keystream can then be used to decrypt block in message (which was encrypted using the same IV and so produced the same keystream).