How to know the difference between two ciphertexts without key stream in stream ciphers [duplicate]












1












$begingroup$



This question already has an answer here:




  • Taking advantage of one-time pad key reuse?

    7 answers




If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:



$$C_1: texttt{96 C6 A1 08 E7 F2 33 3B 3F 5C AB}$$



$$C_2: texttt{90 C6 A1 1E E6 F3 31 2B 37 4A B6}$$



$C_1$ is encrypted as ($P_1 oplus text{Keystream}$) and $C_2$ by ($P_2 oplus text{Keystream}$) where $P_1$ and $P_2$ are corresponding plaintexts.




  • I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?


So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.










share|improve this question









New contributor




Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$



marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes encryption
Users with the  encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
7 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • $begingroup$
    More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
    $endgroup$
    – Squeamish Ossifrage
    2 days ago
















1












$begingroup$



This question already has an answer here:




  • Taking advantage of one-time pad key reuse?

    7 answers




If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:



$$C_1: texttt{96 C6 A1 08 E7 F2 33 3B 3F 5C AB}$$



$$C_2: texttt{90 C6 A1 1E E6 F3 31 2B 37 4A B6}$$



$C_1$ is encrypted as ($P_1 oplus text{Keystream}$) and $C_2$ by ($P_2 oplus text{Keystream}$) where $P_1$ and $P_2$ are corresponding plaintexts.




  • I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?


So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.










share|improve this question









New contributor




Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$



marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes encryption
Users with the  encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
7 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • $begingroup$
    More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
    $endgroup$
    – Squeamish Ossifrage
    2 days ago














1












1








1





$begingroup$



This question already has an answer here:




  • Taking advantage of one-time pad key reuse?

    7 answers




If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:



$$C_1: texttt{96 C6 A1 08 E7 F2 33 3B 3F 5C AB}$$



$$C_2: texttt{90 C6 A1 1E E6 F3 31 2B 37 4A B6}$$



$C_1$ is encrypted as ($P_1 oplus text{Keystream}$) and $C_2$ by ($P_2 oplus text{Keystream}$) where $P_1$ and $P_2$ are corresponding plaintexts.




  • I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?


So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.










share|improve this question









New contributor




Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$





This question already has an answer here:




  • Taking advantage of one-time pad key reuse?

    7 answers




If I have two cipher texts lets say $C_1$ and $C_2$ of the same length encrypted through stream cipher technique using the same keystream. Let's say they are:



$$C_1: texttt{96 C6 A1 08 E7 F2 33 3B 3F 5C AB}$$



$$C_2: texttt{90 C6 A1 1E E6 F3 31 2B 37 4A B6}$$



$C_1$ is encrypted as ($P_1 oplus text{Keystream}$) and $C_2$ by ($P_2 oplus text{Keystream}$) where $P_1$ and $P_2$ are corresponding plaintexts.




  • I am asked to tell how can I differentiate between corresponding plain text $P_1$ and plain text $P_2$ from $C_1$ and $C_2$ as an attacker without knowing the keystream?


So, I think the answer would be since both ciphers are encrypted through the same key stream, they would have similarities where the same plain text and keystream value exists. In this way, I can differentiate the other parts of the plain text. Is there anything more to it?
Thanks.





This question already has an answer here:




  • Taking advantage of one-time pad key reuse?

    7 answers








encryption stream-cipher






share|improve this question









New contributor




Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited Apr 6 at 14:30









kelalaka

8,78032351




8,78032351






New contributor




Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Apr 6 at 13:37









TahirTahir

183




183




New contributor




Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Tahir is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes encryption
Users with the  encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
7 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by Squeamish Ossifrage, kelalaka, Maarten Bodewes encryption
Users with the  encryption badge can single-handedly close encryption questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
7 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • $begingroup$
    More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
    $endgroup$
    – Squeamish Ossifrage
    2 days ago


















  • $begingroup$
    More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
    $endgroup$
    – Squeamish Ossifrage
    2 days ago
















$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago




$begingroup$
More duplicates: crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/25299/…, crypto.stackexchange.com/questions/2249/…, crypto.stackexchange.com/questions/30425/…
$endgroup$
– Squeamish Ossifrage
2 days ago










2 Answers
2






active

oldest

votes


















2












$begingroup$

Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.



Then if you XOR the two ciphertext together you get:



$$C_1 oplus C_2 =\
P_1 oplus K oplus P2 oplus K =\
P_1 oplus P_2$$



There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.



This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are ${n cdot (n - 1)} over 2$ combinations to be made.






share|improve this answer











$endgroup$





















    0












    $begingroup$

    In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:



             C1 = (P1⊕Keystream) 
    C2 = (P2⊕Keystream)


    Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).



    Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.



    But we should remember that we use IV beside the Key for preventing of producing the same keystream.






    share|improve this answer









    $endgroup$




















      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      2












      $begingroup$

      Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.



      Then if you XOR the two ciphertext together you get:



      $$C_1 oplus C_2 =\
      P_1 oplus K oplus P2 oplus K =\
      P_1 oplus P_2$$



      There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.



      This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are ${n cdot (n - 1)} over 2$ combinations to be made.






      share|improve this answer











      $endgroup$


















        2












        $begingroup$

        Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.



        Then if you XOR the two ciphertext together you get:



        $$C_1 oplus C_2 =\
        P_1 oplus K oplus P2 oplus K =\
        P_1 oplus P_2$$



        There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.



        This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are ${n cdot (n - 1)} over 2$ combinations to be made.






        share|improve this answer











        $endgroup$
















          2












          2








          2





          $begingroup$

          Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.



          Then if you XOR the two ciphertext together you get:



          $$C_1 oplus C_2 =\
          P_1 oplus K oplus P2 oplus K =\
          P_1 oplus P_2$$



          There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.



          This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are ${n cdot (n - 1)} over 2$ combinations to be made.






          share|improve this answer











          $endgroup$



          Let's say $C_1 = P_1 oplus K$ and $C_2 = P_2 oplus K$ where $P$ is a plaintext, $K$ is the key stream and $C$ is the ciphertext.



          Then if you XOR the two ciphertext together you get:



          $$C_1 oplus C_2 =\
          P_1 oplus K oplus P2 oplus K =\
          P_1 oplus P_2$$



          There are all kinds of interesting properties of the XOR of two plaintext together. For instance, one of the most common characters is the space, so you can easily guess many characters by just flipping a bit (space is 0x20 or 0b0010_0000 after all). You can see that a lot of combinations are not possible or unlikely and you can perform frequency analysis.



          This becomes even more powerful if you have 3 or more ciphertexts, as you can compare each and every pair, and if there are $n$ ciphertext then there are ${n cdot (n - 1)} over 2$ combinations to be made.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Apr 6 at 16:11

























          answered Apr 6 at 14:30









          Maarten BodewesMaarten Bodewes

          55.8k679196




          55.8k679196























              0












              $begingroup$

              In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:



                       C1 = (P1⊕Keystream) 
              C2 = (P2⊕Keystream)


              Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).



              Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.



              But we should remember that we use IV beside the Key for preventing of producing the same keystream.






              share|improve this answer









              $endgroup$


















                0












                $begingroup$

                In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:



                         C1 = (P1⊕Keystream) 
                C2 = (P2⊕Keystream)


                Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).



                Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.



                But we should remember that we use IV beside the Key for preventing of producing the same keystream.






                share|improve this answer









                $endgroup$
















                  0












                  0








                  0





                  $begingroup$

                  In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:



                           C1 = (P1⊕Keystream) 
                  C2 = (P2⊕Keystream)


                  Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).



                  Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.



                  But we should remember that we use IV beside the Key for preventing of producing the same keystream.






                  share|improve this answer









                  $endgroup$



                  In the stream-ciphers, same key-stream is not used two times, I mean that when you encrypt P1 with a Keystream (P1⊕Keystream), the same key-stream should never used for encrypting P2 (P2⊕Keystream). if you use same key-stream for two different encryption, then you cipher-texts are susceptible to "two time pad Attack". In this attack, Attacker captures C1 and C2 which they are encrypted in this way:



                           C1 = (P1⊕Keystream) 
                  C2 = (P2⊕Keystream)


                  Then attacker works out C1 ⊕ C2; which leads to P1 ⊕ P2. We know that (Keystream ⊕ Keystream = 1).



                  Now attacker bases on some characteristics of plaintext (P1,P2) such as redundancy of ASCII codes, we can get the original plaintext.



                  But we should remember that we use IV beside the Key for preventing of producing the same keystream.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Apr 6 at 15:20









                  Arsalan VahiArsalan Vahi

                  1169




                  1169















                      Popular posts from this blog

                      GameSpot

                      日野市

                      Tu-95轟炸機