Score:1

Does keeping the IV secret in OFB mode makes brute-force more complex?

cl flag

If we keep the IV secret, does that increase the complexity of finding the correct key? My first thought is that it increases complexity, but in real world, I can see that IV's aren't kept secret. We can assume that we have reasonable amount pairs of (x,y) plaintext-ciphertext.

fgrieu avatar
ng flag
Hint: assume IV unknown and the first two blocks of plaintext are known. What's the complexity of the attack? Compare to IV known and first block known. That applies to OFB, CFB, CBC.
Yotam Sofer avatar
cl flag
Ok, same complexity as brute-force. And what if we have only the first block known (with IV unknown)? then the complexity will skyrocket, am I right?
fgrieu avatar
ng flag
Yes. If the IV and rest of plaintext (if any) are random and unknown, there is precisely nothing even an infinite-power adversary can deduce about the key from the one block of known plaintext and the OFB ciphertext.
Score:1
cl flag

Keeping the IV secret won't help increasing the complexity. Here is why: Assume we have two consecutive plaintext-ciphertext pairs (x1,y1) (x2,y2) We will now brute-force all key options: For each key, we will xor each x with y:

  1. z1 = x1^y1
  2. z2 = x2^y2 Note that z1 = encrypt(IV) and z2 = encrypt(encrypt(IV)): x1^y1 = e(IV)

What we should do is to encrypt x1^y1, and if it is the correct key, it will be equal to x2^y2.

Note that Sometimes there can be false positive, so we should have more than 2 pairs of plaintext-ciphertext.

fgrieu avatar
ng flag
The "Note that z1 = encrypt(IV) and z2 = encrypt(encrypt(IV)): x1^y1 = e(IV)" is specific to (x1,y1) (x2,y2) being the first two block. But the rest of attack also works for any pair of consecutive later blocks.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.