id0-rsa.pubのメモ【Cut and Paste Attack On AES-ECB】

Cut and Paste Attack On AES-ECB


ECB is the most basic mode of operation for block ciphers. When used with AES, any block of 16 bytes (the block size of AES) will encrypt to the same ciphertext when encrypted via AES-ECB with the same key. Below are 3 pairs of messages and their corresponding ciphertexts:

m1 = Deposit amount: 5 dollars
c1 = 0x5797791557579e322e619f12b0ccdee8802015ee0467c419e7a38bd0a254da54
m2 = One million dolls is quite the collection
c2 = 0xb1e952572d6b8e00b626be86552376e2d529a1b9cafaeb3ba7533d2699636323e7e433c10a9dcdab2ed4bee54da684ca
m3 = Hey nice binoculars
c3 = 0x35d0c02036354fdf6082285e0f7bd6d2fdf526bd557b045bce65a3b3e300b55e

Let's suppose there is a (very very bad) protocol to communicate with your bank out there that works as follows: All correspondence is encrypted via AES-ECB and everyone shares a unique key with the bank. The bank will assume all messages are from you provided they decrypt under your key. Suppose you observed the above three ciphertexts being sent to the bank and know their corresponding messages. What ciphertext would you send the bank to forge the message "Deposit amount: One million dollars"? Submit your solution in lowercase hex, no leading 0x.

m1はDeposit amount:+5 dollars
m2はOne million doll+s is quite the c+ollection
m3はHey nice binocu+lars
すると、今回作るDeposit amount: One million dollarsという文字は、m1(Deposit amount:)、m2(One million doll)、m3(ars)にそれぞれ存在していることがわかる。
あとはそれに対応する暗号文をくっつけてsubmitして終了。 5797791557579e322e619f12b0ccdee8b1e952572d6b8e00b626be86552376e2fdf526bd557b045bce65a3b3e300b55e