Recover the AES IV if only the key and plaintext are known

Time: 2022-07-12 18:25:30

If I decrypt a ciphertext in AES-CBC mode and the decrypted plaintext of the first block does not match the original known plaintext, it is clear that the IV used for decryption does not match the IV used during encryption.

Neither of the IVs used for encryption or decryption is known.

If I knew the ciphertext, I could do the following to find the IV used during encryption (tried it and it works):

  1. Set IV=0
  2. x = decrypt(ciphertext, IV)
  3. originalIV = x xor originalPlaintext

Is there a way to recover the IV that was used in the encryption, given I know the original plaintext (before encryption), the wrong plaintext after decryption and the key?

1 solution

#1


Assuming I understood the question: this is absolutely possible, and absolutely off topic. Notice you shouldn't ask crypto questions on a programmer forum or you'll get all sorts of wrong answers.

Let D be your cipher decryption function. If you have the known plaintext PT, the key K and ciphertext from CBC mode CT then you can recover the first IV used for encryption via:

IV0 = D(CT0) ^ PT0

In your steps I assume by decrypt you mean CBC mode. This works because for a single block CBC_Decrypt(K,IV=0,CT) == D(K,CT).
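
The recovery described in this answer, as an added Go example that is not part of the original post, using the standard library's crypto/aes and crypto/cipher. The key, IV and plaintext are constructed sample values, and `RecoverIV` and `Sample` are names chosen here; the function computes IV0 both with the raw block decryption D and with CBC decryption under an all-zero IV, so the equivalence for a single block can be seen directly.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// RecoverIV returns IV0 = D(K, CT0) ^ PT0, computed two ways: with the raw
// block decryption D, and with CBC decryption under an all-zero IV.
func RecoverIV(key, ct, pt []byte) (viaBlock, viaZeroCBC []byte, err error) {
	if len(ct) < aes.BlockSize || len(pt) < aes.BlockSize {
		return nil, nil, fmt.Errorf("need a full first block: ct=%d pt=%d bytes", len(ct), len(pt))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	viaBlock = make([]byte, aes.BlockSize)
	block.Decrypt(viaBlock, ct[:aes.BlockSize]) // D(K, CT0)
	viaZeroCBC = make([]byte, aes.BlockSize)
	zeroIV := make([]byte, aes.BlockSize)
	cipher.NewCBCDecrypter(block, zeroIV).CryptBlocks(viaZeroCBC, ct[:aes.BlockSize])
	for i := range viaBlock { // XOR in the known first plaintext block PT0
		viaBlock[i] ^= pt[i]
		viaZeroCBC[i] ^= pt[i]
	}
	return viaBlock, viaZeroCBC, nil
}

// Sample builds constructed AES-128-CBC data; iv is the value to recover.
func Sample() (key, iv, pt, ct []byte) {
	key, iv = []byte("0123456789abcdef"), []byte("constructed-iv-!")
	pt = []byte("PT block 0 here!PT block 1 here!")
	block, _ := aes.NewCipher(key)
	ct = make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return key, iv, pt, ct
}

func main() {
	key, iv, pt, ct := Sample()
	a, b, err := RecoverIV(key, ct, pt)
	fmt.Printf("used %x\nraw  %x\ncbc0 %x\nerr  %v\n", iv, a, b, err)
}
```

Only the first ciphertext block and the first plaintext block enter the computation; later blocks chain on the previous ciphertext block, not on the IV.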
