In cryptography, an initialization vector (IV) can be used to achieve semantic security, a property whereby encryption under the same key does not produce repeated patterns, so that an attacker cannot infer relationships between plaintext and ciphertext. Which of the following statements about the IV is not true?
A. IV is an arbitrary number that is used only once.
B. IV must be protected to the extent which is as secure as the secret key.
C. An incorrect IV used for decryption in CBC mode causes only the first block of plaintext to be corrupted, not the remaining blocks.
D. Counter (CTR) mode turns a block cipher into a stream cipher and doesn’t employ an IV in the strict sense.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. IV must be protected to the extent which is as secure as the secret key.
According to Kerckhoffs’s principle, a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
Because the IV is not the key, it does not need the same level of protection as the secret key. Its properties are:
- The IV must be random and unpredictable.
- The IV can be (and usually is) made public.
According to Wikipedia, “decrypting with the incorrect IV causes the first block of plaintext to be corrupt but subsequent plaintext blocks will be correct.”
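The sketch below is an added example, not part of the original post. It shows that a wrong IV on CBC decryption corrupts only the first plaintext block and that a fresh IV changes the ciphertext of the same plaintext. The 4-round Feistel block cipher is a constructed stand-in (an assumption, chosen so the code runs on the standard library alone; it is not AES), and all function names are hypothetical.

```python
import hashlib, os

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function: keyed hash truncated to half a block
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    # Stand-in block cipher (4-round Feistel); constructed for the demo only
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):  # pt must be a multiple of BLOCK
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        out += _xor(decrypt_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def demo():
    key, iv = os.urandom(16), os.urandom(BLOCK)
    pt = b"BLOCK-ONE-------BLOCK-TWO-------BLOCK-THREE-----"  # constructed sample
    ct = cbc_encrypt(key, iv, pt)
    wrong_iv = _xor(iv, b"\x01" * BLOCK)  # differs from iv in every byte
    bad = cbc_decrypt(key, wrong_iv, ct)
    intact = [bad[i:i + BLOCK] == pt[i:i + BLOCK] for i in range(0, len(pt), BLOCK)]
    fresh_iv_differs = cbc_encrypt(key, wrong_iv, pt) != ct  # new IV, new ciphertext
    return cbc_decrypt(key, iv, ct) == pt, intact, fresh_iv_differs

if __name__ == "__main__":
    print(demo())  # (True, [False, True, True], True)
```

Only the first block depends on the IV during decryption; every later block is XORed with the previous ciphertext block, which the receiver already has.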
Counter (CTR) mode uses a nonce, which can be treated as equivalent to the initialization vector (IV). However, it doesn’t employ an IV in the strict sense.