0217 CBC Initialization Vector Solution

The answer is the second choice, that you can recover almost the full message,

everything except for the very first block,

that the point of the initialization vector is just to hide

repetition among encryptions that would appear just looking at the first block.

And the reason for this, we can look at how the encryption mode behaves.

We saw that for all of the blocks except for the first one, the value of C_i

is the encryption of the value m_i, include my key there, and we saw for

the way the encryption mode works, C_i is equal to the encryption

using the key K of M_i EXOR C_(i-1). The exception to that is block C_0.

Where that's the value of encrypting m_0 EXOR'd with IV.

So we didn't explain how to do decryption.

But from the way the encryption was, you should be able to figure that out.

We can look at this backwards, so in order to get the last message block,

well, what we need to do is decrypt using key K, and input to decrypt

is this last ciphertext block. So we're going backwards

we're decrypting. We don't have the message block yet. To get the message block,

we need to do the EXOR to get the message block N - 1

and so that means we're EXORing that with the ciphertext value

of the previous block, which we already have.

Remember we have, to decrypt, we start with all the ciphertext blocks.

So this is how we decrypted the last block, but each

block is the same. To get message block i, we need to decrypt ciphertext block i,

and EXOR that with the previous ciphertext block.

So we can do that for all the blocks, except for, we have this exception

for the last one. The encryption for the last one used this IV

to get the last message block, what we need to do is decrypt

the last ciphertext block, or the first ciphertext block, we're going backwards now.

And then EXOR that result with the IV.

So if we lose the IV but don't lose the key,

and don't lose the ciphertext, we've lost just the first block.

And if the IV was selected perfectly at random, well,

we have no information at all about the first block.

Because whatever we get out of this decryption is EXOR'd with that IV

to get the message. So if we have no information about the IV,

we have no information about the first message block.

But we can decrypt all the other blocks.
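
The decryption rule walked through above, as an added example that is not part of the original lecture: CBC decryption with the IV present and with the IV lost. The block cipher is a toy Feistel construction over SHA-256, assumed here only so the code runs with the standard library; all function names and the sample message are constructed for illustration.

```python
# Added example. Toy 4-round Feistel over SHA-256 stands in for a real block
# cipher (assumption, standard library only); it is not a secure cipher.
import hashlib
import os

BLOCK = 16  # block size in bytes
HALF = BLOCK // 2

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]

def encrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for i in range(4):
        left, right = right, xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(4)):
        left, right = xor(right, _f(key, i, left)), left
    return left + right

def cbc_encrypt(key, iv, message):
    # C_0 = E_K(m_0 XOR IV); C_i = E_K(m_i XOR C_(i-1))
    prev, out = iv, []
    for i in range(0, len(message), BLOCK):
        prev = encrypt_block(key, xor(message[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    # m_i = D_K(C_i) XOR C_(i-1); block 0 needs the IV.
    # iv=None models a lost IV: block 0 comes back as None.
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = []
    for i, c in enumerate(blocks):
        prev = iv if i == 0 else blocks[i - 1]
        plain.append(None if prev is None else xor(decrypt_block(key, c), prev))
    return plain

def demo():
    key, iv = os.urandom(16), os.urandom(BLOCK)
    message = b"BLOCK-0: secret!BLOCK-1: visibleBLOCK-2: visible"  # constructed sample
    ct = cbc_encrypt(key, iv, message)
    return cbc_decrypt(key, iv, ct), cbc_decrypt(key, None, ct)
```
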