[Cryptography] mode of operation for file encryption

Steve Weis steveweis at gmail.com
Wed Sep 2 00:56:11 EDT 2015


On Tue, Sep 1, 2015 at 5:19 PM, sebastien riou <matic at nimp.co.uk> wrote:
> I don't understand what you mean by "leaks information in a Chosen-Plaintext
> attack to someone who can predict block indices".
> Block indices are known to anyone, so your statement simplifies to "leaks
> information in a Chosen-Plaintext attack".
> Could you explain what information is being leaked?

Your made-up mode is: C = AES-ECB(k, P xor IV xor BlockIndex)

If (P_i xor i) = (P_j xor j), then C_i = C_j. If someone sees any
identical output blocks, they learn (P_i xor P_j) = (i xor j). That's
information about the plaintext.

If you don't see any identical blocks of output, you also learn that
no pairs of plaintext satisfy that relationship. Again, that's
information about the plaintext.
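
The following is an added illustration of the leak described in the message above, not part of the original post. It assumes a 4-round Feistel network built from HMAC-SHA256 as a stand-in for AES on one block (Python's standard library has no AES, and the leak only needs a deterministic keyed permutation); the function names and the sample plaintext are constructed for the example.

```python
import hashlib
import hmac
import os
from itertools import combinations

BLOCK = 16  # bytes, same block size as AES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prp(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-ECB on one block (assumption): 4-round Feistel permutation."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def encrypt(key: bytes, iv: bytes, blocks: list[bytes]) -> list[bytes]:
    """The mode from the thread: C_i = E(k, P_i xor IV xor i)."""
    return [prp(key, xor(xor(p, iv), i.to_bytes(BLOCK, "big")))
            for i, p in enumerate(blocks)]


def leaked_relations(ciphertext: list[bytes]) -> list[tuple[int, int, bytes]]:
    """Key not needed: each pair C_i == C_j reveals P_i xor P_j = i xor j."""
    return [(i, j, (i ^ j).to_bytes(BLOCK, "big"))
            for (i, ci), (j, cj) in combinations(enumerate(ciphertext), 2)
            if ci == cj]


def demo():
    key, iv = os.urandom(16), os.urandom(16)
    base = os.urandom(BLOCK)
    # Constructed plaintext: blocks 2 and 5 satisfy P_2 xor 2 == P_5 xor 5.
    plain = [os.urandom(BLOCK) for _ in range(8)]
    plain[2] = xor(base, (2).to_bytes(BLOCK, "big"))
    plain[5] = xor(base, (5).to_bytes(BLOCK, "big"))
    return plain, leaked_relations(encrypt(key, iv, plain))


if __name__ == "__main__":
    plain, leaks = demo()
    for i, j, delta in leaks:
        print(f"C_{i} == C_{j}: P_{i} xor P_{j} = {delta.hex()}",
              xor(plain[i], plain[j]) == delta)
```

Because the stand-in is a permutation, two ciphertext blocks are equal exactly when their inputs are equal, so the absence of matches is also informative, as the message notes.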

