Question

How to detect if a message was encrypted with CBC or ECB mode?

I have made a function which encrypts in AES-128 CBC or ECB randomly, and I compute the Hamming distance between the clear text and the cipher text, but it seems not to be correlated to the cipher mode.

How can I detect the block cipher mode?

Thank you in advance


Solution

The answer is pretty much given in the problem statement:

Remember that the problem with ECB is that it is stateless and deterministic; the same 16 byte plaintext block will always produce the same 16 byte cipher text.

Thus, with the assumption that some repeated plaintext blocks occur at the same ciphertext block offsets, we can simply go ahead and look for repeated ciphertext blocks of various lengths.

OTHER TIPS

I am doing the same problem set and just finished this problem (using Clojure).

My first hint is, it will be more clear what you need to do if you are using a language which supports first class functions/lambdas.

Anyways, let's break down the problem a bit:

First, just write a function which validates that a blackbox is encrypting data with ECB. How would you do this?

It might look something like (pseudocode below)

function boolean isEcbBlackbox(func f) 
{   //what input can I use to determine this?
    result = f("chosen input")
    if(result ...) {//what property of result should I look for?
        true
    } else {
        false
    }
}

Remember, the key weakness of ECB is identical blocks of plaintext will be encrypted to identical blocks of ciphertext.

EDIT: The challenges are now public, so I will link to my solution(s):

https://github.com/dustinconrad/crypto-tutorial/blob/master/src/crypto_tutorial/lib/block.clj#L118
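One way to fill in the black-box check sketched above, using the repeated-ciphertext-block test from the accepted solution (an added example, not code from the original answers or the linked repository). Assumptions: the oracle `make_blackbox` and its 5 to 10 random bytes of padding on each side are hypothetical, and a small HMAC-based Feistel permutation stands in for AES so the block runs with the standard library only.

```python
import hashlib, hmac, os, random

BLOCK = 16  # AES block size in bytes

def _toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES (assumption): 4-round Feistel permutation keyed via HMAC-SHA256."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n  # PKCS#7 padding

def encrypt(key: bytes, data: bytes, mode: str) -> bytes:
    # prev starts as a random IV; it is only used when mode is CBC
    data, prev, out = _pad(data), os.urandom(BLOCK), b""
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        if mode == "CBC":
            block = bytes(a ^ b for a, b in zip(block, prev))
        prev = _toy_block_encrypt(key, block)
        out += prev
    return out

def make_blackbox():
    """Hypothetical oracle: random key, random mode, 5-10 random bytes on each side."""
    key, mode = os.urandom(16), random.choice(["ECB", "CBC"])
    def f(plaintext: bytes) -> bytes:
        pre, post = (os.urandom(random.randint(5, 10)) for _ in range(2))
        return encrypt(key, pre + plaintext + post, mode)
    return f, mode  # mode is returned only so the guess can be checked

def has_repeated_blocks(ciphertext: bytes) -> bool:
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(set(blocks)) < len(blocks)

def is_ecb_blackbox(f) -> bool:
    # 64 identical bytes guarantee at least two aligned identical plaintext
    # blocks whatever the unknown prefix length (15 + 32 = 47 would suffice).
    return has_repeated_blocks(f(b"A" * 64))

if __name__ == "__main__":
    f, mode = make_blackbox()
    print("guessed ECB:", is_ecb_blackbox(f), "| actual mode:", mode)
```

The chosen input matters: the Hamming distance between plaintext and ciphertext carries no mode signal, while a long run of identical plaintext bytes forces the identical ciphertext blocks that only ECB produces.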

Compute block size based on cipher text % 16 or 24 or 32, whichever is == 0.

Hamming distance should be done by cipher block 1 with the rest of the cipher blocks.

If we average to per byte using floating point arithmetic, if the value is below a certain threshold then it is ECB.

I know the exact exercise you're doing, I'm currently doing it right now myself. I would recommend doing Frequency Analysis on the encrypted strings (don't forget the string might be base64'd or hex). If you get back a frequency distribution that matches the language of the string you encoded then it's safe to assume it's in ECB, otherwise it's probably CBC.

I don't know if this will actually work as I'm just doing the exercise now, but it's a start.

EDIT:

I rushed this answer a bit and feel I should explain more. If it's been encrypted in ECB mode then the frequency analysis should show a normal distribution style regardless of any padding to the start/end of the string and key used. Whereas encryption in CBC mode should have a very random and probably flat distribution.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow