0
$\begingroup$

I'm about to implement my very first crypto system probably using AES128. (still trying to figure which mode to use)

Is there a weakness in encrypting a plain text of which 50% is known by the attacker? Will an attacker be able to decrypt the unknown 50%.

Let me explain. In my project I need to encrypt dictionaries (list of key/value). I suppose that all the keys are known to the attacker (by reverse engineering), as such an attacker knows more or less half of the plain text. Would that make the encryption of the values weaker?

For what I have understood of chosen plain text attacks, knowing a part of the plain text should not be a problem. But the approval of someone smarter than me would relieve me from anxiety.

Thanks

Improve this question
$\endgroup$

2 Answers 2

Reset to default
3
$\begingroup$

No, partially known plain text won't help an adversary guessing what's unknown, when using AES-128 in any of its usual secure mode, such as the common CTR with random IV (caution: it might help when using ECB, or doing other goofs)

That extends to any modern cipher, and the more general (and often realistic) assumption that the adversary can choose part of the plaintext. All modern ciphers are designed with the explicit goal that the adversary can't tell anything about plaintext that it is not already known. This formalizes as IND-CPA, or IND-CCA1 (depending on what's assumed about what the adversary can do).

Addition: to some degree, a little known plaintext helps brute force attacks (aiming at finding the key by enumeration of the possible keys, which then allows full decryption), and attacks on implementations. However, AES-128 is currently very safe against brute force, thus this threat can be discounted. In the first paragraph, I have silently made the following assumptions:

  • The key was chosen at random, and is initially fully unknown to an adversary.
  • We discount the distant possibility of quantum computers usable for cryptanalysis.
  • The implementation is not attacked by side channels (timing attack, DPA..).
Improve this answer
$\endgroup$
0
$\begingroup$

You concern is certainly legitimate. As a historical example, the German Enigma was routinely cracked by the British by determining its internal state from known plaintexts, even without knowing the position of those plaintexts.

Enigma had a glaring cryptoanalytic flaw because the designers didn't want it to ever output the same character as was input. The designers didn't realize that this actually ruled out many of the possible places in the ciphertext that could possibly match a known plaintext - if there is at least one common character between a guessed plaintext and a ciphertext then that plaintext does not go there and you can directly skip to the next possible position without doing any further analysis. (There was a still a lot of calculation required for the remaining positions but the search space was considerably reduced.)

A common plaintext used by the British was "wettervorhersage" - which means "weather report" in German.

In general, there are all kinds of patterns in data. For example, if you feed ASCII text into an encryption scheme, by definition the top bits of each byte are going to be zero. So, rest assured, this problem you describe is very common and all modern ciphers are designed to not have such weaknesses.

Improve this answer
$\endgroup$

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.