Approved_users, bureaucrat, administrator
1,956
edits
| As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com. |
Changes
→Background on Attack
The following uses the notation from [http://iotworm.eyalro.net/ IoT Goes Nuclear: Creating a ZigBee Chain Reaction].
Assume first the basic AES-ECB cipher is $<math>CT = E_k(PT)$</math>, where we are encrypting a block with secret key $<math>k$</math>.
AES-CCM combines AES-CTR mode and AES-CBC mode as mentioned. We could consider AES-CTR to be performing the following operation:
</math>
The problem with a straight-forward CPA attack on CTR mode is only 2 bytes vary (the number of bytes with <math>m</math>), so the CPA attack cannot recover all bytes of the key. A solution to this is presented in the paper
== Performing Attack ==
