I have been recently going through a question: https://security.stackexchange.com/questions/15767/what-do-key-size-and-block-size-mean-in-cryptography and it created in me a series of doubts. Referring to the 2nd answer you may find the information that there is 50 percent chance of repetition of a duplicate block if we receive the square root of total amount of data. If some how a block is repeated how can it be cracked? How does the information gets leaked?
Asked
Active
Viewed 1,772 times
2 Answers
6
The exact information leaked depends on the mode of operation that is in use. The simplest case is ECB, where a duplicate ciphertext block means that the corresponding plaintext blocks are also equal.
For the CBC mode, when two ciphertext block are equal, i.e. $C_i=C_j$, we know that there was equality before applying the block cipher. This in turn implies:$$C_{i-1}\oplus P_i=C_{j-1}\oplus P_j.$$ Equivalently, you are learning that $P_{i}\oplus P_j=C_{i-1}\oplus C_{j-1}$.
EDIT The equality comes from the fact that in CBC mode, $C_i=E_K(C_{i-1}\oplus P_i)$ where $E_K$ denotes the block cipher in use.
minar
- 2,202
- 14
- 25
-
How can one prove this equality?? – Nithin Jose Jul 17 '13 at 18:09
4
See minar's answer if you used ECB or CBC mode to encrypt (and CFB mode is similar to CBC mode -- if you find a colliding pair, you can deduce the relationship between two plaintext blocks).
On the other hand, one of the things that Major Major ignores is that there are modes for which a duplicate block does not leak anything. Consider counter mode (CTR); this can be defined as:
$$C_i = P_i \oplus E_k(i)$$
If we were to happen to find two blocks:
$$C_i = C_j$$
all that would tell us is:
$$P_i \oplus P_j = E_k(i) \oplus E_k(j)$$
However, since we have no information on $E_k(i) \oplus E_k(j)$ (other than that it's not zero), we can't deduce anything about $P_i, P_j$ (other than the fact that they're not the same).
Counter mode does have some data leakage if you go past the birthday boundary; however it is far more subtle than information about individual blocks.
poncho
- 147,019
- 11
- 229
- 360
-
That's right. However, with CTR mode, you need to be extremely careful when managing the counter. Because if you mistakenly repeat an counter value than you get a parallel message attack on a run of blocks. – minar Jul 17 '13 at 19:37
-
@minar: that is quite true; CTR mode does have its drawbacks. My point that it does not have the specific drawback that Major Major was pointing out. – poncho Jul 17 '13 at 20:28