GCM-SIV vs CBC with fixed IV?

Paul

2/23/24, 3:55 PM

I keep hearing CBC with fixed IV mode is bad because it has similar issues to the codebook breakdown of ECB mode. However, people seem quite willing to recommend AES-GCM-SIV for deterministic encryption. Why is GCM-SIV superior to claim CBC with fixed IV?

1 + 0

aes

initialization-vector

cbc

aes-gcm

Score:5

Crypto

fgrieu

2/23/24, 4:06 PM

Why is GCM-SIV superior to CBC with fixed IV?

From a confidentiality standpoint:

GCM-SIV changes it's internal IV (with very high probability) when the message changes at any position, thus it's vulnerability is limited to allowing detection that two messages are fully identical (and then only if it's not supplied a proper nonce).
Contrast with CBC with fixed IV, which allows detection of the number of blocks up to which two messages are identical.

From an integrity standpoint:

GCM-SIV detects message alteration (with very high probability).
CBC does not.

Further: the lack of integrity assurance in CBC often enables exploitation of a decryption device to mount attacks on confidentiality, e.g. a padding oracle attack, perhaps allowing full decryption of messages.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: GCM-SIV vs CBC with fixed IV?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.