Score:0

Attack on AES/DES


Can we devise an attack on AES or DES (ECB mode) if we know just the distribution for the plaintext? For example, it is an English plain text -- we know what that would look like and the relative frequencies of letters, bigrams, and trigrams?

Has anyone come across this type of attack? It is an advanced version of a known-plaintext attack. Most known-plaintext attacks use uniformly distributed plaintext.

fgrieu:
DES and AES are block ciphers. As such, they encrypt fixed-size blocks, and "distribution for the plaintext" for an 8 or 16-byte block is not very meaningful (and not very useful for cryptanalysis). Thus the question can only make sense for AES or DES used in some encryption system, which the question does not specify. See [common modes of operation of block ciphers](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation) used as the basis of many encryption systems.
Score:1

A canonical question on this site lists several models against which a cipher must be secure in modern days. In essence, if used with a proper mode of operation, the premise that the frequency of the plaintext alphabet is skewed does not render the cipher insecure in any way.

Also, the canonical question is collected in our reading list if you're interested.

Score:0

Kind-of, sort-of. The weakness of ECB mode is the lack of interaction between blocks that causes identical plaintext blocks to produce identical ciphertext blocks. This leads to an attack sometimes termed the Tux attack where the identification of identical ciphertext blocks reveals information about the overall plaintext.

This can apply at the language level. If our plaintext is English language encoded in ASCII then for DES we have plaintext blocks distributed roughly according to the octagram frequency of English and for AES the hexadecagram frequency. These are both quite weak statistics as the space of possible octagrams and hexadecagrams is large (though still significantly smaller than the input space of the block ciphers, and significantly non-uniform). However, given a very large or very structured corpus, it is possible to obtain some information from repeated blocks.

This is particularly relevant when ECB mode is used to encrypt databases so that they remain searchable. I have one exercise that I sometimes present to high schoolers of an encrypted database with several repeated values and based on a well-known set of information. They are often able to recover 60-80% of the database entries based on the repeats and knowledge of some of the information.

nivedita:
Can you share some research work done in this domain?
Daniel S:
Doing some digging around, you should check the references to a very good answer by @kelalaka on a related question [How can frequency analysis be applied to modern ciphers](https://crypto.stackexchange.com/questions/74786/how-can-frequency-analysis-be-applied-to-modern-ciphers)
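
The repeated-block leak that the last answer describes for an ECB-encrypted database column, as an added example that is not part of the original thread. Assumptions: truncated HMAC-SHA256 stands in for the block cipher (only its "equal block in, equal block out" behaviour matters here), the column values and key are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # AES block size in bytes (DES would be 8)

def encrypt_standin(key, plaintext, mix_position=False):
    """Keyed per-block function standing in for a block cipher (assumption:
    HMAC-SHA256 truncated to one block; it is not AES and is not invertible).
    mix_position=False behaves like ECB: equal blocks in, equal blocks out.
    mix_position=True binds each block to its index, as a proper mode would."""
    out = []
    for i in range(0, len(plaintext), BLOCK):
        prefix = i.to_bytes(8, "big") if mix_position else b""
        mac = hmac.new(key, prefix + plaintext[i:i + BLOCK], hashlib.sha256)
        out.append(mac.digest()[:BLOCK])
    return b"".join(out)

def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def repeat_ratio(ciphertext):
    """Share of blocks beyond the first occurrence of each distinct value."""
    blocks = split_blocks(ciphertext)
    return 1 - len(set(blocks)) / len(blocks)

def guess_by_rank(ciphertext, values_by_expected_frequency):
    """Pair the n-th most common ciphertext block with the n-th most common
    expected value, then label every row; no key is involved."""
    ranked = [blk for blk, _ in Counter(split_blocks(ciphertext)).most_common()]
    table = dict(zip(ranked, values_by_expected_frequency))
    return [table.get(blk) for blk in split_blocks(ciphertext)]

# Constructed sample: one database column, each value padded to one block.
COLUMN = ["London"] * 5 + ["Paris"] * 3 + ["Oslo"] * 2 + ["Bergen"]
ROWS = [COLUMN[i] for i in (0, 5, 1, 8, 2, 6, 10, 3, 9, 7, 4)]  # shuffled order
PLAINTEXT = b"".join(v.encode().ljust(BLOCK) for v in ROWS)
KEY = b"constructed demo key"

def demo():
    ecb = encrypt_standin(KEY, PLAINTEXT)
    safe = encrypt_standin(KEY, PLAINTEXT, mix_position=True)
    guesses = guess_by_rank(ecb, ["London", "Paris", "Oslo", "Bergen"])
    hits = sum(g == v for g, v in zip(guesses, ROWS))
    return repeat_ratio(ecb), repeat_ratio(safe), hits / len(ROWS)

if __name__ == "__main__":
    print(demo())
```

The second value returned by `demo()` shows the contrast with a mode that ties each block to its position: no ciphertext block repeats, so the frequency ranking has nothing to work with.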