How can we attack by using chosen plaintext attack (and which plaintext should we choose) if AES didnt have the ShiftRow and Mixcolumn layers. I know each byte would be independent in the 16 byte scheme but couldnt figure out a way to attack.
Asked
Active
Viewed 824 times
0
Maarten Bodewes
- 92,551
- 13
- 161
- 313
Cem Aytekin
- 3
- 1
-
Think of ECB... – Biv Nov 01 '17 at 10:36
-
@Biv where each of the 16 bytes in a block have a different transformation. – DannyNiu Nov 01 '17 at 10:47
-
@DannyNiu A different transformation sure, but this time you can enumerate all the possible mappings ... ;) – Biv Nov 01 '17 at 10:50
-
related https://crypto.stackexchange.com/questions/34928/what-would-happen-to-aes-if-we-replaced-mixcolumns-with-shiftcolumns/34951#34951 – Richie Frame Nov 02 '17 at 01:15
1 Answers
1
After the key expansion, there would be 16 different mappings for each of the 16 bytes in a block.
Suppose we are attacking the block cipher itself (in ECB mode), with each byte having 256 different values, we can query 256 ciphertext blocks (all-bytes-0, all-bytes-1, ... all-bytes-255) to get the exact plaintext-to-ciphertext mapping for all 16 bytes's 256 values.
To decrypt future blocks, you just need to have a 16x256=4096 byte (1 memory page) table of the inverse map which you can easily create now.
DannyNiu
- 9,207
- 2
- 24
- 57