
My problem lies around the AES encryption algorithm and implementing an IV into the algorithm. I have the ECB version of AES working and I have thoroughly tested it. I'm trying to make it more secure by adding in an IV. I am looking to understand it better by knowing how the IV is implemented in the algorithm.

I am understanding that the IV is XOR'd with the plain text before encryption, and the IV is then stored with the encrypted data for decryption. But then when I go to decrypt, do I do the same XOR computation after the decryption process?

I tried the above process and my tests for encryption and decryption work with the same values, but when I put the two processes side by side I get values very close to one another, and it doesn't seem to be working quite right. I'm not asking for code to be fixed, just for the process to be laid out for me so that I know I'm doing this correctly. Thanks.

Duncan Jones
Repareman
  • It sounds like you have implemented CBC mode correctly for encryption and decryption. You'll have to elaborate on "not quite right" and "very close." What exactly is the problem? – erickson May 20 '13 at 05:09
  • I apologize for being so vague. Basically I have unit tests set up with known inputs for encryption and decryption. Both pass my unit tests. But then I have a unit tests which feeds my encryption into my decryption, which should just give me the same thing back. But when I look at the debugger, the values are just 1 off or so. And since the XOR is the only thing that I've added since I got the ECB to work, I'm just not sure where it's screwing up. But if I remove my XOR from the decryption, then that test passes and the decryption fails. If necessary I can post my methods in an edit. Thanks. – Repareman May 20 '13 at 16:05
  • Hopefully this is for a class/learning purposes - otherwise, you should definitely **not be implementing encryption algorithms on your own.** AES seems simple, but there are many complex implementation nuances *(various timing/other side-channel attacks)* that make it non-trivial to implement correctly. – BlueRaja - Danny Pflughoeft May 20 '13 at 18:17
  • I am implementing my own AES encryption algorithm. I already have a tested version of ECB working. But as I've read, that is not a very secure version, and so I'm trying to implement a random initialization vector. I understand that it is not easy, hence why I am making sure through large amounts of unit testing that each function is doing what it is supposed to do through test vectors. Was just asking for some assistance so that I do it correctly. – Repareman May 20 '13 at 19:45
  • possible duplicate of [AES CBC Not Producing Correct Vectors](http://stackoverflow.com/questions/16661869/aes-cbc-not-producing-correct-vectors) – Peter O. May 21 '13 at 08:31
  • @Nerull22: Unit tests can test the correctness of a function, they cannot test its security - and with an encryption scheme, that is an extremely important aspect. Your home-grown AES implementation is also guaranteed to run slower than the implementation from various libraries, which likely make use of the AES instruction set built into modern processors. No matter the reason, implementing it yourself is simply a bad idea. – BlueRaja - Danny Pflughoeft May 21 '13 at 18:49
  • I'm confused. That really doesn't make any sense. Mine is guaranteed to run slower than everyone else's, because why? I know of nothing that is built into processors that have encryption algorithms built in. I know that C# and the .NET framework have a library built in for it, may be built in a lower level coding language which would cause it to run slightly faster as being a lower level language. But beyond that, it just kinda' sounds insulting. Not sure if that's what you were getting at or not, but shouldn't the algorithm itself being implemented provide the security? – Repareman May 23 '13 at 22:40

1 Answer

I always find the Wikipedia diagrams useful for visualizing what happens in CBC-mode:

(Wikipedia diagram of CBC-mode encryption and decryption)

You need to decrypt the first block of ciphertext, then XOR the IV to get the first block of plaintext. Thereafter, you need to XOR the previous block of ciphertext with the current block of decrypted data.

Duncan Jones
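The decryption order the answer describes (block-decrypt first, then XOR with the IV or the previous ciphertext block), written out in full as an added example that is not from the question or the answer. Since the asker's AES code is not on the page, a constructed, invertible 16-byte permutation stands in for the AES block function (it is not a cipher); the CBC chaining around it is exactly what a real AES block function would get. A deliberately wrong variant that XORs before decrypting is included so the round-trip failure can be seen.

```python
BLOCK = 16  # AES block size in bytes; the chaining below does not depend on the cipher
def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in for the AES block function, constructed for this example only.
# It is NOT a cipher, merely an invertible 16-byte permutation, so the CBC
# chaining can be run and inspected without a real AES implementation.
def block_encrypt(key: bytes, block: bytes) -> bytes:
    mixed = bytes((b + k) & 0xFF for b, k in zip(block, key))
    return mixed[1:] + mixed[:1]          # rotate the block left by one byte

def block_decrypt(key: bytes, block: bytes) -> bytes:
    mixed = block[-1:] + block[:-1]       # undo the rotation first
    return bytes((b - k) & 0xFF for b, k in zip(mixed, key))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C[i] = E(P[i] XOR C[i-1]) with C[0] = IV; the IV is prepended to the output."""
    assert len(plaintext) % BLOCK == 0    # padding is out of scope here
    prev, blocks = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        blocks.append(prev)
    return iv + b"".join(blocks)

def cbc_decrypt(key: bytes, data: bytes) -> bytes:
    """P[i] = D(C[i]) XOR C[i-1]: block-decrypt first, then XOR the previous ciphertext."""
    iv, ciphertext = data[:BLOCK], data[BLOCK:]
    prev, blocks = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        blocks.append(xor_bytes(block_decrypt(key, cur), prev))
        prev = cur                        # chain on the ciphertext, not the recovered plaintext
    return b"".join(blocks)

def cbc_decrypt_xor_first(key: bytes, data: bytes) -> bytes:
    """Wrong order (XOR before the block decrypt); kept only to show it fails to round-trip."""
    iv, ciphertext = data[:BLOCK], data[BLOCK:]
    prev, blocks = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        blocks.append(block_decrypt(key, xor_bytes(cur, prev)))
        prev = cur
    return b"".join(blocks)

def roundtrip_demo():
    """Constructed key/IV/message; a real implementation draws a fresh random IV per message."""
    key, iv = b"constructed-key!", bytes(range(BLOCK))
    msg = b"two blocks of sample plaintext.."          # exactly 32 bytes
    data = cbc_encrypt(key, iv, msg)
    return cbc_decrypt(key, data) == msg, cbc_decrypt_xor_first(key, data) == msg
```

`roundtrip_demo()` returns `(True, False)`: the correct order recovers the message and the XOR-first order does not, which is the kind of "encrypt then decrypt" unit test the question describes.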