2

I'm brute forcing a ciphertext with a given dictionary to figure out which key was used. However, it's been hinted at that there is a way to narrow down the dictionary to a smaller subset of possibilities.

I know the plaintext, its ciphertext, and the IV (0). It was encrypted using AES-128-CBC and no salting was used during encryption.

At first I thought I was onto something because of: $C_j = E_k(P_j \oplus IV)=E_k(P_j)$ for IV = 0. But I was dead in my tracks right after. Is this situation even plausible or am I barking up the wrong tree?

Alex

1 Answer

3

Very simple: attacks on the block cipher mode of operation do not translate to attacks on the block cipher itself. The block cipher is simply a component within the mode of operation after all.

The only time where the block cipher may come under attack is if the key is somehow changed to a related key in the scheme. This is somewhat of an issue for AES-256 if it is used as a component for a secure hash algorithm, where the key schedule becomes an issue. That has absolutely nothing to do with CBC mode for a particular key as in your question.

AES, as a block cipher, is supposed not to be vulnerable to known plaintext attacks. As such, the key cannot be found by knowing any information about the plaintext. So you are indeed dead in your tracks.

Maarten Bodewes
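An added illustration, not part of the original question or answer: with IV = 0 the first CBC block is a plain AES encryption of $P_1$, so each candidate key is checked with one block encryption, but nothing in the mode shrinks the candidate list. The inline AES-128 is a teaching implementation so the example runs offline; the word list, the zero-byte padding from word to key, the plaintext and all function names are assumptions constructed for this example.

```python
# Teaching AES-128 (FIPS-197) kept inline so the example runs offline; not for production use.
xtime = lambda a: ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF   # multiply by 2 in GF(2^8)

def _sbox():
    s, p, q = [0x63] * 256, 1, 1
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF    # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q /= 3, so q = 1/p
        if q & 0x80: q ^= 0x09
        s[p] = q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63
        if p == 1: return s
S = _sbox()

def expand_key(key):
    w, rc = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                        # RotWord, SubWord, round constant
            t = [S[b] for b in t[1:] + t[:1]]
            t[0] ^= rc
            rc = xtime(rc)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[i:i + 4], []) for i in range(0, 44, 4)]   # 11 round keys

def aes128_encrypt_block(key, block):
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 11):
        s = [S[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]   # SubBytes + ShiftRows
        if r < 10:                                              # MixColumns
            s = [s[c + i] ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3] ^ xtime(s[c + i] ^ s[c + (i + 1) % 4])
                 for c in range(0, 16, 4) for i in range(4)]
        s = [b ^ k for b, k in zip(s, rk[r])]
    return bytes(s)

def cbc_encrypt(key, iv, data):               # len(data) must be a multiple of 16
    out, prev = b"", iv
    for i in range(0, len(data), 16):
        prev = aes128_encrypt_block(key, bytes(a ^ b for a, b in zip(data[i:i + 16], prev)))
        out += prev
    return out

def matching_keys(candidates, p1, c1):
    # IV = 0 gives C1 = E_k(P1): one block encryption per candidate, every candidate still tried.
    return [k for k in candidates if aes128_encrypt_block(k, p1) == c1]

WORDS = ["apple", "harbor", "median", "quartz", "zephyr"]     # constructed dictionary
KEYS = [w.encode().ljust(16, b"\0") for w in WORDS]            # assumed word-to-key rule
PLAIN = b"known plaintext!" + b"second block 16B"              # constructed, two blocks
CIPHER = cbc_encrypt(KEYS[3], bytes(16), PLAIN)                # zero IV as in the question
```

The search only succeeds here because the key comes from a five-word list; the known plaintext confirms a guess but does not rank or eliminate candidates in advance.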