English subtitles

← 02-17 Cbc Initialization Vector Solution

Showing Revision 1 created 04/27/2012 by Amara Bot.

  1. The answer is the second choice--that you can recover almost the full message--
  2. everything except for the very first block--
  3. that the point of the initialization vector is just to hide
  4. repetition among encryptions that would appear just looking at the first block.
  5. And the reason for this--we can look at how the encryption mode behaves--
  6. We saw that for all of the blocks except for the first one, the value of C_i
  7. is the encryption of the value m_i--include my key there--and we saw for
  8. the way the encryption mode works, C_i is equal to the encryption
  9. using the key K of M_i EXOR C_(i -1). The exception to that is block C_0.
  10. Where that's the value of encrypting m_0 EXOR'd with IV.
  11. So we didn't explain how to do decryption.
  12. But from the way the encryption was, you should be able to figure that out.
  13. We can look at this backwards--so in order to get the last message block--
  14. well, what we need to do is decrypt using key K, and input to decrypt
  15. is this last ciphertext block. So we're going backwards--
  16. we're decrypting. We don't have the message block yet. To get the message block,
  17. We need to do the EXOR to get the message block N - 1
  18. and so that means we're EXORing that with the ciphertext value
  19. of the previous block, which we already have.
  20. Remember we have--to decrypt, we start with all the ciphertext blocks.
  21. So this is how we decrypted the last block, but each
  22. block is the same. To get message block i, we need to decrypt ciphertext block i,
  23. and EXOR that with the previous ciphertext block.
  24. So we can do that for all the blocks, except for--we have this exception
  25. for the last one. The encryption for the last one used this IV--
  26. to get the last message block, what we need to do is decrypt
  27. the last ciphertext block--or the first ciphertext block--we're going backwards now.
  28. And then EXOR that result with the IV.
  29. So if we lose the IV but don't lose the key,
  30. and don't lose the ciphertext, we've lost just the first block.
  31. And if the IV was selected perfectly at random, well,
  32. we have no information at all about the first block.
  33. Because whatever we get out of this decryption is EXOR'd with that IV
  34. to get the message. So if we have no information about the IV,
  35. we have no information about the first message block.
  36. But we can decrypt all the other blocks.
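
The decryption rule described in the transcript, as an added example that is not part of the original lecture: it decrypts a CBC ciphertext once with the real IV and once with the IV lost. The 16-byte block cipher `E`/`D` is a toy Feistel construction assumed here only so the code runs without third-party libraries; the function names, key, IV and message blocks are all constructed for illustration.

```python
import hashlib
import os

BLOCK = 16  # block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of the toy Feistel cipher (assumed stand-in, not a real cipher).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def E(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def D(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, blocks):
    # C_0 = E_K(m_0 XOR IV); C_i = E_K(m_i XOR C_(i-1))
    out, prev = [], iv
    for m in blocks:
        prev = E(key, xor(m, prev))
        out.append(prev)
    return out

def cbc_decrypt(key, iv, cblocks):
    # m_i = D_K(C_i) XOR C_(i-1); only block 0 uses the IV.
    prevs = [iv] + cblocks[:-1]
    return [xor(D(key, c), p) for c, p in zip(cblocks, prevs)]

def demo(key, iv):
    msg = [b"first block 0000", b"second block 111", b"third block 2222"]  # constructed
    c = cbc_encrypt(key, iv, msg)
    full = cbc_decrypt(key, iv, c)            # key, ciphertext and IV all known
    lost = cbc_decrypt(key, bytes(BLOCK), c)  # IV lost: an all-zero guess is used instead
    return msg, full, lost

if __name__ == "__main__":
    msg, full, lost = demo(os.urandom(16), os.urandom(16))
    for i, (m, p) in enumerate(zip(msg, lost)):
        print(i, "recovered" if m == p else "lost", p)
```

With the IV missing, block 0 comes out as m_0 XOR IV, which reveals nothing about m_0 when the IV was chosen uniformly at random; every later block is recovered because its decryption depends only on the key and two ciphertext blocks.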