Alice has four blocks of plaintext, Po,P1,P2,P3, which she encrypts using CBC mode to obtain C0,C1,C2,C3. She then sends the IV and ciphertext to Bob. Upon receiving the ciphertext, Bob plans to verify the integrity as follows. He’ll first decrypt to obtain the putative plaintext, and then he’ll re-encrypt this plaintext using CBC mode and the received IV. If he obtains the same C3 as the final ciphertext block, he will trust the integrity of the plaintext.
a. Suppose that Trudy changes C\ to X, leaving all other blocks and the IV unchanged. Will Bob detect that the data lacks integrity?
b. Suppose that Trudy changes C3 to the value Y, leaving all other blocks and the IV unchanged. Will Bob detect that the data lacks integrity?
c. Is Bob’s integrity checking method secure?
Using CBC mode, Alice encrypts four blocks of plaintext, PQ, P1, P2, P3 and she sends the resulting ciphertext blocks, C0,C1,C2,C3, and the IV to Bob. Suppose that Trudy is able to change any of the ciphertext blocks before they are received by Bob.
If Trudy knows Pi, show that she can replace P\ with X. Hint: Determine C so that if Trudy replaces Co with C, when Bob decrypts C\, he will obtain X instead of Pi.