![]() ![]() ![]() And then suppose we have an adversary that makes q chosen plaintext queries. Okay, so the following theorem is going to show that in fact CBC mode encryption with a random IV is in fact semantically secure under a chosen plaintext attack, and so let's take that more precisely, basically if we start with a PRP, in other words, our block cipher E, that is defined over a space X, then we are gonna to end up with a encryption algorithm Ecbc that takes messages of length L and outputs ciphertexts of length L+1. ![]() So let me ask you how would you decrypt that? So given the first ciphertext block, how would you recover the original first plaintext block? So decryption is actually very similar to encryption, here I wrote down the decryption circuit, you can see basically it's almost the same thing except the XOR is on the bottom, instead of on the top, and again you realize that essentially we chopped off the IV as part of the decryption process and we only output the original message back, the IV is dropped by the decryption algorithm. So the first question is how do we decrypt the results of CBC encryption, and so let me remind you again that if when we encrypt the first message block we XOR it with the IV, encrypt the result and that becomes the first ciphertext block. So you notice that the cIphertext is a little bit longer than the plain text because we had to include this IV in the cIphertexts which basically captures the randomness that was used during encryption. And we're going to be seeing that term used quite a bit, every time we need to pick something at random at the beginning of the encryption scheme typically we'll call that an IV for initialization vector. I should say that IV stands for Initialization Vector. So this is cIpher block chaining, you can see that each cIpher block is chained and XORed into the next plaintext block, and the final ciphertext is going to be essentially the IV, the initial IV that we chose along with all the ciphertext blocks. So we XOR the two together and the encryption of that becomes the second ciphertext block. And now comes the chaining part where we actually use the first block of the ciphertext to kind of mask the second block of the plaintext. And then the result is gonna be encrypted using the block cipher and output of the first block of the ciphertext. And then we're gonna run through the algorithm here, the IV basically that we chose is gonna be XORed to the first plain text block. So in the case of AES the IV would be 16 bytes. So the encryption algorithm when it's asked to encrypt a message m, the first thing it's going to do is it's going to choose a random IV that's exactly one block of the block cipher. So now let's define CBC to be the following encryption scheme. So suppose we have a block cipher, so EB is a block cipher. In particular, we are going to look at a mode called cipher block chaining with a random IV. Cipher block chaining is a way of using a block cipher to get chosen plaintext security. So here is how cipher block chaining works. And the first such encryption scheme is going to be called cipher bock chaining. ![]() Now that we understand chosen plaintext security, let's build encryption schemes that are chosen plaintext secure. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |