Understanding Cryptography by Christof Paar and Jan Pelzl - Chapter 5 Solutions - Ex5.5


Exercise 5.5

Describe how the OFB mode can be attacked if the IV is not different for each execution of the encryption operation.

Solution

This solution is verified as correct by the official Solutions for Odd-Numbered Questions manual.

Assuming that the key remains the same, encrypting with the same IV will produce the exact same keystream as previous encryptions.

If no plaintext/ciphertext pairs are known, then there’s no way to use this fact to attack the cipher. However, if you have a chosen plaintext for a given block \(b_i\) in message \(m_1\), this can be XORed with the known ciphertext to derive the keystream for that block. The keystream can then be used to decrypt block \(b_i^\prime\) in message \(m_2\) (which was encrypted using the same IV and so produced the same keystream).
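The recovery step described above, as an added example that is not part of the original solution. It assumes a stand-in for the block cipher (HMAC-SHA256 truncated to 16 bytes, which suffices because OFB only uses the cipher's forward direction) and uses a constructed key, IVs and messages.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes

# Constructed sample values (not from the page).
KEY = b"constructed-key!"
M1 = b"block zero knownblock one known!"   # attacker knows this plaintext
M2 = b"secret block number two of msg 2"   # victim message, same key and IV


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Assumption: stand-in for E_k, HMAC-SHA256 truncated to one block.
    # OFB only uses the forward direction of the cipher, so a keyed
    # pseudorandom function is enough to show the mode's behaviour.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ofb_encrypt(key: bytes, iv: bytes, message: bytes) -> bytes:
    # s_0 = IV, s_i = E_k(s_{i-1}); the keystream never depends on the
    # message, only on (key, IV). Decryption is the same operation.
    keystream, state = b"", iv
    while len(keystream) < len(message):
        state = block_encrypt(key, state)
        keystream += state
    return xor(message, keystream)


def recover_block(i: int, known_m1: bytes, c1: bytes, c2: bytes) -> bytes:
    # keystream_i = b_i XOR c_i (from m_1), then b_i' = c_i' XOR keystream_i
    span = slice(i * BLOCK, (i + 1) * BLOCK)
    keystream_i = xor(known_m1[span], c1[span])
    return xor(c2[span], keystream_i)


def demo(iv1: bytes, iv2: bytes) -> bytes:
    # Encrypt both messages under KEY, then attack block 1 of m_2.
    c1 = ofb_encrypt(KEY, iv1, M1)
    c2 = ofb_encrypt(KEY, iv2, M2)
    return recover_block(1, M1, c1, c2)


if __name__ == "__main__":
    print(demo(bytes(BLOCK), bytes(BLOCK)))      # reused IV
    print(demo(bytes(BLOCK), b"\x01" * BLOCK))   # fresh IV
```

With the IV reused, the first call returns block 1 of `M2`; with a fresh IV for the second message, the same computation yields unrelated bytes.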


Thomas Busby
