
CBC mode, fixed Key and IV but unique plaintexts


My transport channel is sufficiently tiny that I don't want to give up 16 bytes for an IV (AES block size). My environment is also resource constrained such that I have no RNG.

I have read over and over about why fixed K and IV are bad, yet the most common 'warning' is that same plaintexts are revealed by same ciphertexts.

My plaintexts will be between 16 and ~300 bytes and will always be unique, even in the first 16 bytes. My system also has no opportunity for an attacker to request processing of chosen PT nor CT.

In this specific domain, is fixed IV and fixed K still a problem? If so, what problems am I up against? Obviously key derivation is the worst, but I don't see how this is possible. I had planned on AES-CBC.

Maarten Bodewes
Maybe check out AES-(GCM-)SIV mode? In transport security, you generally want some kind of message integrity / authentication anyway. Whether a unique message can replace a random IV depends on the mode and details; try it with counter mode and you'd be in trouble as that mode is not plaintext aware.
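The difference the comment points at, as an added example that is not part of the original question or comment: with a fixed key and IV, CBC ciphertexts diverge only from the first block in which the plaintexts differ, while counter mode with a fixed nonce exposes the XOR of two plaintexts however unique they are. The block cipher here is a stand-in (a 4-round Feistel over HMAC-SHA256, assumed so the code runs with only the standard library), not AES; the key, IV and messages are constructed.

```python
import hashlib
import hmac

BLOCK = 16
KEY = b"constructed-demo-key"  # constructed sample key
IV = bytes(BLOCK)              # fixed IV / nonce, as in the question
# Constructed messages: M1 and M2 differ in their first 16 bytes, M3 repeats M1's.
M1 = b"id=0001;temp=21.5;door=closed;batt=ok"
M2 = b"id=0002;temp=21.5;door=opened;batt=ok"
M3 = b"id=0001;temp=21.5;door=opened;batt=ok"

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    """Stand-in 128-bit block cipher (4-round Feistel over HMAC-SHA256), not AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt(key, iv, msg):
    pad = BLOCK - len(msg) % BLOCK
    data, out, prev = msg + bytes([pad]) * pad, [], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(prev, data[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def ctr_encrypt(key, nonce, msg):
    out, start = [], int.from_bytes(nonce, "big")
    for i in range(0, len(msg), BLOCK):
        counter = (start + i // BLOCK) % (1 << 128)
        keystream = encrypt_block(key, counter.to_bytes(BLOCK, "big"))
        out.append(xor(msg[i:i + BLOCK], keystream))
    return b"".join(out)

def shared_prefix_blocks(c1, c2):
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

if __name__ == "__main__":
    c1, c2, c3 = (cbc_encrypt(KEY, IV, m) for m in (M1, M2, M3))
    print(shared_prefix_blocks(c1, c2), shared_prefix_blocks(c1, c3))  # CBC
    print(xor(ctr_encrypt(KEY, IV, M1), ctr_encrypt(KEY, IV, M2)) == xor(M1, M2))
```

Neither mode here detects a modified ciphertext, which is the integrity point the comment raises when suggesting AES-(GCM-)SIV.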