Key stream reconstruction

As the only encrypted part is the Initialization vector, if for any reason the user can get this value, it's possible to reconstruct the key stream and then break the entire cipher .


Remember, ciphertext = plaintext ⊕ encrypt(iv) so, only from ciphertext is not direclty possible to reconstruct the key stream.

However, if the user can cipher arbitrary plaintext using a same IV, then he know 2 parts of the xor operation and then he can retrieve the encrypt(iv) value as explained here.

Last updated