Question w.r.t. AES-CBC IV

Ralph Holz ralph-cryptometzger at
Wed Jun 2 12:36:06 EDT 2010

Dear all,

A colleague dropped in yesterday and confronted me with the following.

He wanted to scrape off some additional bits when using AES-CBC because
the messages in his concept are very short (a few hundred bit). So he
was thinking about a variant of AES-CBC, where he uses just 32 (random)
bits as a source for the IV. These are encrypted with AES and then used
as the actual IV to feed into the CBC. As a result, he does not need to
send a 128 bit IV to the receiver but just the 32 bit.

His argument was that AES basically is used as an expansion function for
the IV here, with the added benefit of encryption. On the whole, this
should not weaken AES-CBC. Although he was not sure if it actually would
strengthen it.

While I am prepared to buy this argument (I am not a cryptographer...),
I still felt that the argument might not be complete. After all, 32 bits
don't provide much randomness, and I wasn't sure if this, overall, would
not lead to more structure in the ciphercode - which might in turn give
an attacker more clues with respect to the key.

Are there any opinions on this?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list