上QQ阅读APP看书，第一时间看更新

Flipping the bit – integrity attacks against CBC algorithms

When we consider attacks against cryptographic ciphers, we usually think about those attacks against the cipher itself that allow us to break the code and recover plaintext. It's important to remember that the message can be attacked, even when the cipher remains unbroken and, indeed, even the full message is unknown. Let's consider a quick example with a plain stream cipher. Instead of XOR bits, we'll just use decimal digits and modular arithmetic.

XOR is the exclusive-or operation. It simply compares two inputs and returns true if they are different. Of course, with binary, the inputs are either true ( 1) or false ( 0), so if the inputs are both 1 or both 0, the result will be 0.

We'll make our message MEET AT NOON using 01 for A, 02 for B, and so on, and our key 48562879825463728830:

  13050520012014151514
+ 48562879825463728830
  --------------------
  51512399837477879344

Now, let's suppose we can't crack the algorithm, but we can intercept the encrypted message in transit and flip some digits around. Using that same key, throwing in some random numbers would just result in nonsense when we decrypt. But let's just change a few of the final digits – now our key is 51512399837469870948 and suddenly the plaintext becomes MEET AT FOUR. We didn't attack the algorithm; we attacked the message and caused someone some trouble. Now, this is a very rough example designed to illustrate the concept of attacking messages. Now that we've had some fun with modular arithmetic, let's dive into the more complex stuff.