I am trying to understand how XOR operation can lead us to know the plaintext if we can predict the iv using the chosen plaintext attack game.
Asked
Active
Viewed 57 times
0
-
Take a look at CBC as it's described on e.g. Wikipedia. Recall that the AES block cipher is inherently deterministic - that is for a fixed key and 16-byte input, its output will always be the same. Can you then think of how to carefully craft two messages which to submit to the encryption oracle, such that you will afterwards be able to recognize which of the two was encrypted, having previously seen encryptions of plaintexts of your choice? – Morrolan Oct 03 '22 at 16:32
-
please edit your post to show what you mean by IV1, IVNew and PlainText. – Morrolan Oct 03 '22 at 19:39
-
Why is CBC with predictable IV considered insecure against chosen-plaintext attack? – kelalaka Oct 03 '22 at 22:49