Score:2

Is a single digital signature (ECDSA) of an encryption key (AES) enough to verify the legitimacy of all encrypted messages?


I have an encryption scheme set up with a client and server that utilizes AES 256. What I am curious about is whether or not all information sent from the server to the client can be verified as legitimate using just a single digital signature (ECDSA, secp256k1 specifically) on the key that is sent to the client.

Given a key (k1, k2), and material (m1, m2), I have heard that the following behaviors of a block cipher are possible:

AES(K1,m1)=AES(K2,m1)

AES(K1,m1)=AES(K2,m2)

AES(K1,m1)=m1

(Source: https://crypto.stackexchange.com/a/60477)

Now I am curious, since I am positive that the key is verified as being legitimate, can I just use the client-sided decryption using AES256 with said key and not need any more digital signatures? Would it be possible say, for someone to get the client to decrypt two different messages using the same key in a malicious manner?

EDIT: Just intuitively, it would not seem to me that I would need a signature for every single message I want verified. I feel as though for some reason one single digital signature would be enough to verify legitimacy for all later messages.

Score:1

can I just use the client-sided decryption using AES256 with said key and not need any more digital signatures?

Is the key private between the client and the server? If a third party also knows the key, he might be able to replace one of the legitimate ciphertexts with another one that decrypts to something else.

Are you using an authenticating mode of encryption of AES (for example, GCM)? Those have the property that no one who does not know the key can modify one of the ciphertexts with something else without being detected (that is, causing a decryption error on the client). Note that the client needs to protect against replay attacks - that is, the attacker replaces one of the ciphertexts with a previous ciphertext. Authenticating modes have tools to protect against that, however exactly how those tools are used depends on the protocol (and whether it needs to handle out-of-order messages or not).

If you make sure that the answers to the above two questions are "yes", then you're safe - if the client does not detect a decryption failure, then the plaintexts are exactly what the server sent. This is exactly what, for example, TLS depends on.

Anonymous1121: I am only using AES-CBC unfortunately. Looks like I have more work to do then.
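As an added example (not code from the question or the answer above) of the two properties the answer asks for, here is one direction of an AES-256-GCM channel in Go using only the standard library: the tag rejects any modified ciphertext or a record sealed under another key, and a per-session record counter used as the nonce rejects replayed or reordered records without any further signatures. It assumes in-order delivery and a key that is never reused across sessions or directions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
)

// Session is one direction of an AES-256-GCM channel. Both ends count records,
// and the record number doubles as the nonce, so the key must not be reused.
type Session struct {
	aead cipher.AEAD
	seq  uint64 // next record to seal (sender) or to expect (receiver)
}

func NewSession(key []byte) (*Session, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead}, nil
}

// nonce is 12 bytes: 4 zero bytes || big-endian record number.
func (s *Session) nonce() []byte {
	n := make([]byte, s.aead.NonceSize())
	binary.BigEndian.PutUint64(n[4:], s.seq)
	return n
}

// Seal returns ciphertext || 16-byte tag for the next record number.
func (s *Session) Seal(plaintext []byte) []byte {
	out := s.aead.Seal(nil, s.nonce(), plaintext, nil)
	s.seq++
	return out
}

// Open rejects a record whose tag does not verify under the expected record
// number: a modified byte, a foreign key, or a replayed or reordered record.
func (s *Session) Open(record []byte) ([]byte, error) {
	pt, err := s.aead.Open(nil, s.nonce(), record, nil)
	if err != nil {
		return nil, err // "cipher: message authentication failed"
	}
	s.seq++ // the counter advances only on success
	return pt, nil
}
```

Raw AES-CBC, by contrast, has no tag at all: decrypting a modified ciphertext never returns an error, it just yields different bytes, which is why a single signature on the key cannot vouch for later messages in that mode.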
