Suppose we have a function that returns a chipertext of a known plaintext that has been encrypted twice with AES-ECB with two unknown keys, is it possible to get both keys ?
Asked
Active
Viewed 432 times
2 Answers
1
No, you cannot get either of the keys for the simple reason that any block cipher should protect the key against any attack, including known plaintext attacks. In which mode the cipher is used doesn't matter.
There are attacks possible on block ciphers if they are used with separate keys. But as long as the keys are used once, for one particular purpose then it is unlikely that you run into problems until the amount of ciphertext is really high. In your scheme you'd have to iterate through both keys to attack it this way.
As mentioned in the comments, this change does not make ECB secure because you can still distinguish identical plaintext blocks as the ciphertext would match. Furthermore, double ECB is prone to meet in the middle attacks. Using a larger key and / or a more complex block cipher would be preferable.
Maarten Bodewes
- 92,551
- 13
- 161
- 313
0
If you have a 256 bit chunk of plaintext and ciphertext then in ECB mode you make it much much easier to get the AES key especially if precalculations are involved and if a key is derived from a bad password (dictionary attack). Shit stacks up... If you encrypt the plaintext twice with 2 different AES keys, then you make it more difficult of course. Nevertheless, better just do not use ECB mode in the first place. CBC is the king of the hill :)
user106117
- 1
- 1