Project 3
AES block cipher modes
In this project you will answer a series of questions about AES. In this description you will see five questions, Question 1,...,Question 5. You should answer each of these in a separate document, preferably a markdown document like this one. Please do not use MS word or another word processing program. The cocalc text editor is fine. Please clearly indicate your solution by using an informative filename like solution.md
.
In class last week we played around a bit using block cipher modes and openssl
. For reference I have given you an example of how to use the tool in the file called enc.sh
in your directory:
You can execute this script by doing this at the terminal:
This will produce the output ct_ecb
which is the encryption of the plaintext in the file called plaintext
.
After running enc.sh
you should be able to look at the cipertext and plaintext using the hex editor xxd
. The output should look like this:
Notice that the plaintext is 12 blocks long, as is the ciphertext. But the ciphertext has been padded such that the last block is a full 16 bytes.
You can get the ciphertext as hex without formatting by using the -p
option with xxd
:
Redirect this into a file of its own:
Now edit the hex in ct_ecb.hex
and change the sequence 06b19024
from the 5th block so that it becomes 86b19024
. Notice that this is a one bit change. Save the changes to ct_ecb.hex
.
Now use xxd
in reverse mode to convert the altered hex back into a binary file:
(As always please do not open binary files in the Cocalc text editor! It will mess them up.)
Now decrypt this file as if it were the ciphertext for the original plaintext.
For how to do the decryption, look in the file dec.sh
(some minor modifications may be necessary such as to filenames).
Question 1
How has the plaintext changed? Paste what you see on the command line when you xxd
both the original plaintext and the decrypt of the altered ciphertext. Was the whole decrypt corrupted? Or just one block? Or just one byte?
Question 2
Repeat all of the above, but this time use CBC mode (please use the IV provided in enc.sh
). Again change a single bit in the 5th block of the ciphertext. In particular, change 32429b73
to 22429b73
. How does the plaintext change? Which lines are affected (a whole block or just a byte)? Why does it happen based on how the mode works? Again paste both the xxd
of the original and altered plaintext.
You can use this encryption command:
Question 3
Repeat all of the steps above, but this time use CTR mode. Notice that the ciphertext is not padded in this case. Why not? In the bit flip part of the exercise, change 166186a5
to 366186a5
. Which blocks change? How do they change? Why is that the change?
You can use this encryption command:
Part 2
In this section you will break a ciphertext. This is possible because the developer (me) has made a terrible error. He has encrypted two files using aes-128-ctr
using the same key and the same IV. Even worse: The plaintext of one of the files is known to the attacker (you)!
Question 4
Why is this a mistake? What is the basic plan for decrypting the ciphertext for which the plaintext is unknown?
The files were encrypted using a truly random 128 bit key to which you do not have access. One of the files is just the file called plaintext
which you have in your directory. The ciphertext files are called pt_key2
and m2_key2
. The file pt_key2
is the encryption of plaintext
, but m2_key2
is the encryption of an as yet unknown file.
To help you along I have given you a program called xor
. The source code is in the file xor.c
. You use it like this:
This XORs file1 and file2 on the byte level and puts the result in file3. Because file1 and file2 are probably not the same length, file3 is only as long as the shorter of file1 and file2.
Question 5
What is the decryption of m2_key2
? (Or as much of it as you can find)?