# Understanding Cryptography by Christof Paar and Jan Pelzl - Chapter 5 Solutions - Ex5.5

- 1 min- Return to index
- Exercise 5.1
- Exercise 5.2
- Exercise 5.3
- Exercise 5.4
- Exercise 5.5
- Exercise 5.6
- Exercise 5.7
- Exercise 5.8
- Exercise 5.9
- Exercise 5.10
- Exercise 5.11
- Exercise 5.12

## Exercise 5.5

Describe how the OFB mode can be attacked if the IV is not different for each execution of the encryption operation.

### Solution

*This solution is verified as correct by the official Solutions for Odd-Numbered Questions manual.*

Assuming that the key remains the same, encrypting with the same IV will produce the exact same keystream as previous encryptions.

If no plaintext/ciphertext pairs are known, then there’s no way to use this fact to attack the cipher. However, if you have a chosen plaintext for a given block \(b_i\) in message \(m_1\), this can be XORed with the known ciphertext to derive the keystream for that block. The keystream can then be used to decrypt block \(b_i^\prime\) in message \(m_2\) (which was encrypted using the same IV and so produced the same keystream).