I was not able to understand why we practically need a CPA security in Cipher Bl

Question

I was not able to understand why we practically need a CPA security in Cipher Block Chaining. (which insist on having a random IV), let say if the encryption is not CPA secure i.e , the adversary can identify two cipher-text are same and conclude the two plain-text would have been same. of what use this information is for adversary. i see he is able to know that both the message are same , so what? i think he can't find the plain-text.

In other words is CPA security is strictly a academic definition of security. Does in practice attacker can extract the plain text out of this?

Explanation / Answer

Cryptography is not just about confidentiality of the message, but also confidentiality of information about the message. Given the ciphertext, an attacker should not be able to determine any information about a message without knowing the key.

If you can tell that message A is equal to message B, that's a leak of information. This could be useful when trying to identify the type of message, especially in predictable protocols. It also poses problems when you consider the possibility of replay attacks and side-channel attacks.

Attacks on the key get much easier when you know both the plaintext and ciphertext. If you have a list of known possible plaintexts, you can determine which one corresponds to a particular ciphertext because the output of the cipher is always determined by the plaintext and key. If you use CBC, the position of the message in the stream and the IV come into play, making it infeasible to find which plaintext is associated with which ciphertext.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.