Attack on aes128 ofb/ctr

On my recent adventures, I managed to attack aes 128 cbc/cfb, but I am unsure on how to attack ofb and ctr modes. I am using known IV/nonce and have knowledge of pt and ct.
Is there a leakage model that will help me? If not I am not sure how to proceed with the attack


Hi Joao,

The requirements for attacking different modes of operation is basically the same as ECB - you need to know a varying input in or out of the block cipher. With OFB, you’ll need to use plaintext + ciphertext, as that both exits and enters the block cipher:

Thus, when attacking OFB, simply substitute plaintext + ciphertext where you would use plaintext.

CTR can be a bit trickier, since the Nonce||Counter isn’t sufficient to break more than a few bytes of the key; however, since you know the plaintext and ciphertext, you can simply attacking using a ciphertext leakage model and substitute plaintext + ciphertext in for the ciphertext in your attack.


1 Like