aes attack known-plaintext-attack ecb: Updated Sat, 06 Aug 2022 13:13:26 GMT

Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?

Assume I have a list of plaintext text and its corresponding ciphertext which was created using a specific key with AES in ECB mode.

Can I recover that key?

If, how big does the list of plaintext and matching ciphertext have to be to be able to find it in a feasable amount of time (say in 1 or 2 hours)?

Solution

Assume I have a list of plaintext text and its corresponding ciphertext which was created using a specific key with AES in ECB mode.

Can I recover that key?

No. This is what is referred to as a known plaintext attack, and secure block ciphers are designed to prevent exactly this kind of attack. This answer on the Mathematics Stack Exchange goes into more detail about the notion of IND-CPA ("indistinguishability") which AES is conjectured to meet and how that implies that a known plaintext attack is impossible.

Comments (3)

+0 – So i can't find the key, but if I'm lucky and most of the texts are the same, i can find the plain text of a ciphertext which was encrypted by the same key, right? — Nov 12, 2018 at 21:43
+0 – Have a look at @ymbirtt's excellent answer regarding other attacks against AES that you can do when using ECB mode. — Nov 13, 2018 at 01:42
+0 – @RichardJones Yes, with ECB you will be able to identify plaintext chunks that are identical to known plaintext chunks. But the chunks must be at least 1 block each, and must be "in phase" with each other: the entire blocks that comprise them must be identical. — Jun 02, 2021 at 16:10

External Links

External links referenced by this document:

https://math.stackexchange.com/a/57428

References

https://crypto.stackexchange.com/questions/95837