How to know the difference between two ciphertexts without key stream in stream ciphers [duplicate] The 2019 Stack Overflow Developer Survey Results Are InTaking advantage of one-time pad key reuse?How does one attack a two-time pad (i.e. one time pad with key reuse)?How to attack the Two Time Pad?Why is the XOR of plaintexts equal to the XOR of ciphertexts with a two time pad?What is the difference between a stream cipher and a one-time-pad?How can I find two strings $m_1$ and $m_2$, knowing that I know $m_1 oplus m_2$?Determine the Key given ciphertexts and plaintexts?Significance of repetition in XOR cipher textWhy must the sender and receiver be synchronised in synchronous stream ciphers?2 round GOST_28147-89 cipher distinguisherWhat is the difference between a Stream cipher and a Symmetric Encryption algorithm?Combination of two stream ciphersAttack on stream cipherRe-encrypting a message and proving that the message has not changed
Return to UK after being refused entry years previously
How to notate time signature switching consistently every measure
How to manage monthly salary
Is "plugging out" electronic devices an American expression?
What is the accessibility of a package's `Private` context variables?
Does a dangling wire really electrocute me if I'm standing in water?
Right tool to dig six foot holes?
How to save as into a customized destination on macOS?
Sci-fi book where a human is taken from Earth to help man an alien ship in a fight against other aliens and rises through the ranks to command
What is the closest word meaning "respect for time / mindful"
Does the shape of a die affect the probability of a number being rolled?
The difference between dialogue marks
What did it mean to "align" a radio?
Where to refill my bottle in India?
How to deal with fear of taking dependencies
Protecting Dualbooting Windows from dangerous code (like rm -rf)
Are children permitted to help build the Beis Hamikdash?
Worn-tile Scrabble
Can someone be penalized for an "unlawful" act if no penalty is specified?
How technical should a Scrum Master be to effectively remove impediments?
Delete all lines which don't have n characters before delimiter
Scaling a graph of a circle and the standard parabola in TikZ
Which Sci-Fi work first showed weapon of galactic-scale mass destruction?
Geography at the pixel level
How to know the difference between two ciphertexts without key stream in stream ciphers [duplicate]
The 2019 Stack Overflow Developer Survey Results Are InTaking advantage of one-time pad key reuse?How does one attack a two-time pad (i.e. one time pad with key reuse)?How to attack the Two Time Pad?Why is the XOR of plaintexts equal to the XOR of ciphertexts with a two time pad?What is the difference between a stream cipher and a one-time-pad?How can I find two strings $m_1$ and $m_2$, knowing that I know $m_1 oplus m_2$?Determine the Key given ciphertexts and plaintexts?Significance of repetition in XOR cipher textWhy must the sender and receiver be synchronised in synchronous stream ciphers?2 round GOST_28147-89 cipher distinguisherWhat is the difference between a Stream cipher and a Symmetric Encryption algorithm?Combination of two stream ciphersAttack on stream cipherRe-encrypting a message and proving that the message has not changed
$begingroup$
This question already has an answer here:
Taking advantage of one-time pad key reuse?
7 answers
If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:
$$C_1: texttt96 C6 A1 08 E7 F2 33 3B 3F 5C AB$$
$$C_2: texttt90 C6 A1 1E E6 F3 31 2B 37 4A B6$$
$C_1$ is encrypted as ($P_1 oplus textKeystream$) and $C_2$ by ($P_2 oplus textKeystream$) where $P_1$ and $P_2$ are corresponding plaintexts.
- I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?
So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.
encryption stream-cipher
edited Apr 6 at 14:30
kelalaka
8,79032351
asked Apr 6 at 13:37
TahirTahir
183
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes♦ encryption
Users with the encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.
StackExchange.ready(function()
if (StackExchange.options.isMobile) return;
$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');
$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();
);
);
);
yesterday
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
add a comment |
$begingroup$
This question already has an answer here:
Taking advantage of one-time pad key reuse?
7 answers
If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:
$$C_1: texttt96 C6 A1 08 E7 F2 33 3B 3F 5C AB$$
$$C_2: texttt90 C6 A1 1E E6 F3 31 2B 37 4A B6$$
$C_1$ is encrypted as ($P_1 oplus textKeystream$) and $C_2$ by ($P_2 oplus textKeystream$) where $P_1$ and $P_2$ are corresponding plaintexts.
- I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?
So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.
encryption stream-cipher
edited Apr 6 at 14:30
kelalaka
8,79032351
asked Apr 6 at 13:37
TahirTahir
183
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes♦ encryption
Users with the encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.
StackExchange.ready(function()
if (StackExchange.options.isMobile) return;
$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');
$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();
);
);
);
yesterday
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago
add a comment |
$begingroup$
This question already has an answer here:
Taking advantage of one-time pad key reuse?
7 answers
If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:
$$C_1: texttt96 C6 A1 08 E7 F2 33 3B 3F 5C AB$$
$$C_2: texttt90 C6 A1 1E E6 F3 31 2B 37 4A B6$$
$C_1$ is encrypted as ($P_1 oplus textKeystream$) and $C_2$ by ($P_2 oplus textKeystream$) where $P_1$ and $P_2$ are corresponding plaintexts.
- I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?
So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.
encryption stream-cipher
edited Apr 6 at 14:30
kelalaka
8,79032351
asked Apr 6 at 13:37
TahirTahir
183
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
This question already has an answer here:
Taking advantage of one-time pad key reuse?
7 answers
If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:
$$C_1: texttt96 C6 A1 08 E7 F2 33 3B 3F 5C AB$$
$$C_2: texttt90 C6 A1 1E E6 F3 31 2B 37 4A B6$$
$C_1$ is encrypted as ($P_1 oplus textKeystream$) and $C_2$ by ($P_2 oplus textKeystream$) where $P_1$ and $P_2$ are corresponding plaintexts.
- I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?
So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.
This question already has an answer here:
Taking advantage of one-time pad key reuse?
7 answers
encryption stream-cipher
encryption stream-cipher
edited Apr 6 at 14:30
kelalaka
8,79032351
asked Apr 6 at 13:37
TahirTahir
183
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited Apr 6 at 14:30
kelalaka
8,79032351
asked Apr 6 at 13:37
TahirTahir
183
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited Apr 6 at 14:30
kelalaka
8,79032351
edited Apr 6 at 14:30
kelalaka
8,79032351
edited Apr 6 at 14:30
kelalaka
8,79032351
8,79032351
asked Apr 6 at 13:37
TahirTahir
183
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 6 at 13:37
TahirTahir
183
asked Apr 6 at 13:37
TahirTahir
183
183
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes♦ encryption
Users with the encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.
StackExchange.ready(function()
if (StackExchange.options.isMobile) return;
$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');
$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();
);
);
);
yesterday
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes♦ encryption
Users with the encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.
StackExchange.ready(function()
if (StackExchange.options.isMobile) return;
$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');
$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();
);
);
);
yesterday
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago
add a comment |
$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago
$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago
$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.
Then if you XOR the two ciphertext together you get:
$$C_1 oplus C_2 =\
P_1 oplus K oplus P2 oplus K =\
P_1 oplus P_2$$
There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.
This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are $n cdot (n - 1) over 2$ combinations to be made.
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
$endgroup$
add a comment |
$begingroup$
In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:
C1 = (P1⊕Keystream)
C2 = (P2⊕Keystream)
Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).
Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.
But we should remember that we use IV beside the Key for preventing of producing the same keystream.
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
$endgroup$
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.
Then if you XOR the two ciphertext together you get:
$$C_1 oplus C_2 =\
P_1 oplus K oplus P2 oplus K =\
P_1 oplus P_2$$
There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.
This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are $n cdot (n - 1) over 2$ combinations to be made.
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
$endgroup$
add a comment |
$begingroup$
Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.
Then if you XOR the two ciphertext together you get:
$$C_1 oplus C_2 =\
P_1 oplus K oplus P2 oplus K =\
P_1 oplus P_2$$
There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.
This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are $n cdot (n - 1) over 2$ combinations to be made.
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
$endgroup$
add a comment |
$begingroup$
Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.
Then if you XOR the two ciphertext together you get:
$$C_1 oplus C_2 =\
P_1 oplus K oplus P2 oplus K =\
P_1 oplus P_2$$
There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.
This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are $n cdot (n - 1) over 2$ combinations to be made.
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
$endgroup$
Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.
Then if you XOR the two ciphertext together you get:
$$C_1 oplus C_2 =\
P_1 oplus K oplus P2 oplus K =\
P_1 oplus P_2$$
There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.
This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are $n cdot (n - 1) over 2$ combinations to be made.
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
edited Apr 6 at 16:11
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
answered Apr 6 at 14:30
Maarten Bodewes♦Maarten Bodewes
55.8k679196
55.8k679196
add a comment |
add a comment |
$begingroup$
In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:
C1 = (P1⊕Keystream)
C2 = (P2⊕Keystream)
Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).
Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.
But we should remember that we use IV beside the Key for preventing of producing the same keystream.
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
$endgroup$
add a comment |
$begingroup$
In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:
C1 = (P1⊕Keystream)
C2 = (P2⊕Keystream)
Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).
Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.
But we should remember that we use IV beside the Key for preventing of producing the same keystream.
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
$endgroup$
add a comment |
$begingroup$
In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:
C1 = (P1⊕Keystream)
C2 = (P2⊕Keystream)
Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).
Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.
But we should remember that we use IV beside the Key for preventing of producing the same keystream.
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
$endgroup$
In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:
C1 = (P1⊕Keystream)
C2 = (P2⊕Keystream)
Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).
Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.
But we should remember that we use IV beside the Key for preventing of producing the same keystream.
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
answered Apr 6 at 15:20
Arsalan VahiArsalan Vahi
1169
1169
add a comment |
add a comment |
$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago