As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

AES-CCM Attack

45 bytes added, 12:40, 3 November 2016
== Breaking AES-CBC Encryption with Unknown IV ==
In the true algorithm the first-round AddRoundKey is applied to the XOR of the previous chaining value (unknown to us, but constant across traces) and the known input block CTPT:
<math>AddRoundKey(k, CBC_{m-1} \oplus CTPT) = k \oplus CBC_{m-1} \oplus CTPT</math>
A first-round CPA with only CTPT as the known input therefore does not return <math>k</math>. It returns the modified key <math>k' = k \oplus CBC_{m-1}</math>, for which CTPT is fed directly into AddRoundKey: <math>AddRoundKey(k', CTPT)</math>
Here <math>k'</math> absorbs the unknown constant that the true algorithm XORs into the input block as part of the ciphertext input processing. The output of AddRoundKey, and hence the processing of every later round, is identical in both cases. So we can perform a CPA attack on the 2nd-round key (the round key added after the first round) and recover the "true" first-round key by rolling back the key schedule: for AES-128 any single round key determines the whole schedule, whereas a 256-bit key would need two consecutive round keys. Once <math>k</math> is known the unknown chaining value follows as <math>CBC_{m-1} = k \oplus k'</math>.
This is the solution: we perform a CPA attack on the 2nd round of the AES algorithm, using the AES round function with our modified key <math>k'</math> and the known input CTPT to compute the state entering the second round. Note that <math>k'</math> must be recovered completely (all 16 bytes) first, because every byte of the round-2 input depends on four bytes of the round-1 output through ShiftRows and MixColumns.
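The two-stage attack described above, carried out end to end on constructed traces. This is an added example, not code from the wiki page or from ChipWhisperer: the traces are synthetic Hamming-weight leakage of the round-1 and round-2 S-box outputs plus Gaussian noise, the key and the unknown chaining value (the page's <math>CBC_{m-1}</math>, called <code>iv</code> here) are random values drawn from a seeded generator, and the CPA is a plain Pearson-correlation search. The round-1 CPA returns <code>k_prime</code> (= <math>k \oplus CBC_{m-1}</math>), the round-2 CPA on the state computed with <code>k_prime</code> returns the true round-2 key, and <code>prev_round_key</code> rolls the AES-128 key schedule back to <math>k</math>.

```python
"""Added example: second-round CPA against AES-128 CBC-MAC with an unknown
constant chaining value. Round 1 yields k' = k XOR IV, round 2 yields the true
round-2 key, and the inverse key schedule yields k. Traces are constructed."""
import random
from operator import mul


def _gen_sbox():
    """Build the AES S-box from GF(2^8) arithmetic instead of a 256-entry table."""
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                              # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _gen_sbox()
HW = [bin(i).count("1") for i in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def xtime(b):
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1


def sub_bytes(s):
    return [SBOX[b] for b in s]


def shift_rows(s):
    # State is column-major (index = 4*col + row) as in FIPS-197; row r rotates left by r.
    return [s[(4 * (c + r) + r) % 16] for c in range(4) for r in range(4)]


def mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        t = a[0] ^ a[1] ^ a[2] ^ a[3]
        out += [a[i] ^ t ^ xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
    return out


def _g(word, rnd):
    """RotWord + SubWord + Rcon step of the AES-128 key schedule."""
    return [SBOX[word[1]] ^ RCON[rnd - 1], SBOX[word[2]], SBOX[word[3]], SBOX[word[0]]]


def next_round_key(rk, rnd):
    """Round key rnd-1 -> round key rnd (rnd >= 1)."""
    w = [rk[4 * i:4 * i + 4] for i in range(4)]
    out, prev = [], _g(w[3], rnd)
    for i in range(4):
        prev = xor(w[i], prev)
        out += prev
    return out


def prev_round_key(rk, rnd):
    """Inverse step: round key rnd -> round key rnd-1, i.e. rolling the schedule back."""
    w = [rk[4 * i:4 * i + 4] for i in range(4)]
    w3, w2, w1 = xor(w[3], w[2]), xor(w[2], w[1]), xor(w[1], w[0])
    return xor(w[0], _g(w3, rnd)) + w1 + w2 + w3


def trace(key, iv, block, rng, sigma=1.0):
    """Constructed trace: HW of each round-1 and round-2 S-box output byte plus noise."""
    r1 = sub_bytes(xor(xor(block, iv), key))                 # AddRoundKey(k, IV xor CTPT)
    r2 = sub_bytes(xor(mix_columns(shift_rows(r1)), next_round_key(key, 1)))
    return [HW[b] + rng.gauss(0, sigma) for b in r1 + r2]


def cpa_round_key(inputs, traces):
    """Recover the 16 key bytes XORed into `inputs` just before a SubBytes, by CPA."""
    n = len(traces)
    cols = []
    for s in range(len(traces[0])):                          # centre every sample column once
        c = [t[s] for t in traces]
        m = sum(c) / n
        c = [v - m for v in c]
        cols.append((c, sum(v * v for v in c) ** 0.5))
    key = []
    for i in range(16):
        best, best_corr = 0, -1.0
        for g in range(256):
            h = [HW[SBOX[x[i] ^ g]] for x in inputs]
            m = sum(h) / n
            h = [v - m for v in h]
            nh = sum(v * v for v in h) ** 0.5 or 1.0
            corr = max(abs(sum(map(mul, h, c))) / (nh * nc) for c, nc in cols)
            if corr > best_corr:
                best, best_corr = g, corr
        key.append(best)
    return key


def attack(n_traces=150, seed=1):
    rng = random.Random(seed)
    key = [rng.randrange(256) for _ in range(16)]            # constructed secret key
    iv = [rng.randrange(256) for _ in range(16)]             # constructed unknown CBC_{m-1}
    blocks = [[rng.randrange(256) for _ in range(16)] for _ in range(n_traces)]
    traces = [trace(key, iv, b, rng) for b in blocks]
    # Round 1: only CTPT is known, so CPA returns k' = k XOR IV, not k.
    k_prime = cpa_round_key(blocks, traces)
    # Feeding CTPT straight into AddRoundKey with k' reproduces the device's state,
    # so the input to round 2 can be computed and the true round-2 key attacked.
    round2_in = [mix_columns(shift_rows(sub_bytes(xor(b, k_prime)))) for b in blocks]
    rk1 = cpa_round_key(round2_in, traces)
    k = prev_round_key(rk1, 1)
    return {"key": key, "iv": iv, "k_prime": k_prime, "rk1": rk1,
            "recovered_key": k, "recovered_iv": xor(k, k_prime)}


if __name__ == "__main__":
    r = attack()
    print("k' == k^IV:", r["k_prime"] == xor(r["key"], r["iv"]))
    print("key recovered:", r["recovered_key"] == r["key"], "IV recovered:", r["recovered_iv"] == r["iv"])
```

The round-2 CPA is exactly the same routine as the round-1 CPA; only its inputs differ, which is the whole point of the page: the modified key turns the unknown chaining value into a known-input problem. With real traces the sample window naturally has to cover the second round rather than only the first.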
== Performing Attack ==