What would be the consequences of using a IV smaller than the block size in CBC encryption?

phantomcraft

9/7/23, 6:24 PM

Here I use a Threefish kernel module with CBC mode. But there is no hash function that can supply a IV with Threefish block size (1024-bits), so I use a 64-bit random IV inserted in the dm-crypt with cryptsetup --skip option.

I know that the ideal size for an IV in CBC encryption is the same size of the block, but, what would be the consequences of using an IV smaller that the block size in CBC encryption?

PS.: I keep my IV secret (it's used in a command line inside a shell script).

0 + 0

encryption

block-cipher

initialization-vector

cbc

blocksize

Maarten Bodewes

9/7/23, 7:23 PM

You can encrypt the current IV and use *the result* as new IV, then you've randomized it, and you'd have used the key (or another key) to add the required unpredictability as 64 bits is not enough IMHO. This is what is generally provided by using [ESSIV mode](https://en.wikipedia.org/wiki/Disk_encryption_theory#Encrypted_salt-sector_initialization_vector_(ESSIV)). Are you sure you aren't confusing ESSIV with CBC with a standard IV?

kelalaka

9/7/23, 8:03 PM

XOFs are the key for your requirement - SHAKE128. If you can generate 64-bit random, you can generate 1024 bits, too. The ideal is unpredictable and no IV collision under the same key.

Maarten Bodewes

9/8/23, 11:36 AM

I guess that the disk encryption software here is the limiting factor. What size of IV can it generate? If it handles AES well you'd expect at least an IV of 128 bits, reducing the amount of collisions. As for attacks, there is [this Q/A](https://crypto.stackexchange.com/q/48903/1172) where [user:poncho] shows an attack with an encryption oracle. However, it is very questionable if that attack is feasible when it comes to disk encryption.

phantomcraft

9/8/23, 10:29 PM

@MaartenBodewes I think so, I opened a topic in the cryptsetup repository and the author said the same; there is nothing he can do to allow a larger IV. Also, this attack that [user:poncho] described is scarring, I will use another method for encrypting my stuff.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What would be the consequences of using a IV smaller than the block size in CBC encryption?

TH: ผลลัพธ์ของการใช้ IV ที่เล็กกว่าขนาดบล็อกในการเข้ารหัส CBC จะเป็นอย่างไร

RO: Care ar fi consecințele utilizării unui IV mai mic decât dimensiunea blocului în criptarea CBC?

RU: Каковы будут последствия использования IV, меньшего, чем размер блока, в шифровании CBC?

VI: Hậu quả của việc sử dụng IV nhỏ hơn kích thước khối trong mã hóa CBC là gì?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.