Just consolidating some research I was doing for a class report. An IV(initialization vector) is used to XOR with the initial block of plain text in a message to randomize the encryption. For an intro to how encryption works and ciphers, head to this link.
Block ciphers work on fixed-length blocks of bits. A stream of message is divided into blocks and then converted to cipher text. Although at first the method seems secure, on deeper analysis we find it may be the case that the block appears multiple times in a plain text message. In such a case, if the message is large, all block are encrypted with the same key. This kind of cipher text can be deciphered by employing first order statistics or differential cryptanalysis because a repetition in the message becomes a corresponding repetition in the encrypted data. Such an approach degrades security. This vulnerability calls for the need of a non-repeating set of keys to encrypt blocks or characters of a message. This ‘key-stream’ ensures that multiple blocks of data are not encrypted using the same key, hence cannot be deciphered using basic cryptanalysis techniques. We convert block ciphers to stream ciphers using modes of operation like Cipher Feedback Mode to encrypt each block with output of previous cipher block as key. This provides a new key for each block and preserves confidentiality in a more secure manner; even though the processing cost involved is more. Each block or character of message is XOR’ed with members of the key stream in the following way:
message m=b1b2b3… is encrypted with key-stream k1k2k3… such that Ck=Ck1(b1)Ck2(b2)…
What’s the need for an IV?
IV is used to XOR with the initial block of plain text in a message to randomize the encryption. This value is then encrypted and used to XOR with subsequent blocks of plain-text. For this method of encryption to be effective, the IV must be unique and not easily predictable. Uniqueness is extremely important for selection of an IV because if reused, a repeated plain-text will produce a repeated key-stream which will make the transmission vulnerable to cryptanalysis attacks. If the IV is compromised, an adversary can find out if a message was encrypted with the same key in an earlier block. If this is discovered to be so, the attacker can check his guess about the plain-text of that block and subsequently determine the next set of keys, thus compromising the transmission. If the same IV is used multiple times to encrypt the same message stream, the transmission is susceptible to dictionary attacks. If some of these blocks have a common beginning sequence, the resulting cipher text will be same. An attacker may use a chosen plain-text attack or statistical attacks to recover the plain-text, thus compromising the secure transmission. Any protocol that reuses IV will not be safer than using a different IV for every stream. Whenever there is a reuse of the IV, there is bound to be repetition of cipher text at some point. This repetition of cipher text opens up the transmission to statistical attacks by an adversary. Even if the IV is sufficiently random, an attacker monitoring the transmission for a long enough period, may observe the patterns appearing due to repeated cipher-texts.
Even if the IV is used only once, what’s a fundamental vulnerability that this kind of encryption suffers from?
If same key is used for encrypting a block, the transmission becomes open to a XOR vulnerability. An attacker is able to recover the plain-text via combining two messages encrypted using the same key. This is due to the commutative property of the XOR operation, i.e., P XOR Q = 0. Hence, if C=M1 XOR K & D=M2 XOR K, K being the reused key, an attacker may recover M1 XOR M2 by performing C XOR D. Once this is done, if the message is in a recognizable language, the attacker can simply decipher the separate messages.The same commutative property can be used to compromise transmission if one only uses simple XOR in encryption. If an attacker has the plain-text M and the corresponding cipher-text C, he can then obtain the Key used by simply M XOR C operation. Thus, XOR encryption is as strong as the key used. A XOR with a One-Time pad will result in a theoretically unbreakable encryption.