2
$\begingroup$

I have a question. For example I have text: "The quick brown fox jumps over the dog!"

It has 32 letters. If I encrypt the first 16 letters with key: "11111111111111111111111111111111" and nonce: "1111111111111111" and next 16 letters with the same key and nonce will it be secure?

Improve this question
$\endgroup$
4
  • 3
    $\begingroup$ Never ever use the same key and nonce to encrypt seperate plaintexts, because if they just XOR the different cipher texts then they have the encryption key $\endgroup$ Commented Dec 27, 2019 at 10:27
  • $\begingroup$ @SamG101 so, I need to encrypt whole message, not part, yes? $\endgroup$ Commented Dec 27, 2019 at 10:30
  • 1
    $\begingroup$ Either that, or use a new nonce per chunk of data encrypted $\endgroup$ Commented Dec 27, 2019 at 10:59
  • $\begingroup$ Is this kind of homework? $\endgroup$ Commented Dec 27, 2019 at 18:37

1 Answer 1

Reset to default
3
$\begingroup$

With AES CTR mode, using the same key and nonce to encrypt multiple blocks of data is a huge security breach:

Ciphertext1 = Plaintext1 XOR Key
Ciphertext2 = Plaintext2 XOR Key

XORing the ciphertexts:

Ciphertext1 XOR Ciphertext2 = Plaintext1 XOR Key XOR Plaintext2 XOR Key

This simplifies to

Plaintext1 XOR Plaintext2

This means that if you knew that the first message of the day (plaintext1) was going to be "weather report" then you could work out what the first 14 bytes of ciphertext2 is, because you could XOR "weather report" with the first 14 bytes of ciphertext1, get the first 14 bytes of the key, and them use this to decrypt the first 14 bytes of ciphertext2, and get the first 14 bytes of plaintext2. Other techniques such as what kelalaka suggested can be used to work out the whole message.

The solution: either encrypt the whole lot of data with the key and nonce, or change the nonce per block of data encrypted - maybe use a counter, because the nonce does not have to be unpredictable, but must be unique.

Improve this answer
$\endgroup$
4
  • $\begingroup$ if we x-or two ciphertexts than the output is the x-or of the plaintexts. If you can find the plaintexts by crib dragging than you can find the key, $\endgroup$ Commented Dec 27, 2019 at 18:25
  • $\begingroup$ I've confused myself with a many-time-pad. I'll update the answer $\endgroup$ Commented Dec 27, 2019 at 19:42
  • $\begingroup$ if I encrypt 512 bytes with one key and iv, then encrypt another 512 bytes with another key and iv. is it secure? $\endgroup$ Commented Dec 28, 2019 at 8:54
  • $\begingroup$ Yes. You can use the same key, just change the nonce $\endgroup$ Commented Dec 28, 2019 at 9:32

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.