How can we attack by using chosen plaintext attack (and which plaintext should we choose) if AES didnt have the ShiftRow and Mixcolumn layers. I know each byte would be independent in the 16 byte scheme but couldnt figure out a way to attack.
Asked
Active
Viewed 855 times
1 Answers
1
After the key expansion, there would be 16 different mappings for each of the 16 bytes in a block.
Suppose we are attacking the block cipher itself (in ECB mode), with each byte having 256 different values, we can query 256 ciphertext blocks (all-bytes-0, all-bytes-1, ... all-bytes-255) to get the exact plaintext-to-ciphertext mapping for all 16 bytes's 256 values.
To decrypt future blocks, you just need to have a 16x256=4096 byte (1 memory page) table of the inverse map which you can easily create now.
DannyNiu
- 10,640
- 2
- 27
- 64