0

I understand that ECB does not hide data patterns well. But my understanding is that it cannot be broken to "know" the underlying message. If that was the case, why can't ECB be used with some obfuscation technique like say XORing with the address? I am talking about data stored in DRAM modules - and assume it is not an image data that gives away the information just by its pattern (as is explained in the Wiki page for block ciphers).

If let's say it is some software code and I obfuscate the AES output by XORing the AES output with the address - or some combination of the address, does it still make the data in the DRAM insecure?

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
Novice
  • 1
  • 2

1 Answers1

2

The concept of encrypting blocks independently but based on the address is sound. It's commonly used in disk encryption.

In the simplest case you could use a tweakable blockcipher in an ECB like mode using the block index as tweak.

But let's say you want to use an existing block cipher, like AES. In that case you want to turn that block cipher into a tweakable block cipher. There are standard modes for doing this, in particular XTS. But they're more complex than your suggestion, applying a non trivial transformation both before and after encrypting with the block cipher. These transformations are keyed and necessary to eliminate patterns in the plaintext.

Simply xor-ing the address into the plaintext, like you suggest is not secure. If an attacker observes two identical ciphertext blocks, they learn that the xor of the corresponding plaintext blocks is equal to the xor of the address. Since they know the xor of the addresses, they learn the xor of the plaintext. In practice this could occur if two consecutive blocks of plaintext differ only by a single bit.

Community
  • 1
CodesInChaos
  • 25,121
  • 2
  • 90
  • 129