# Understanding Different Modes of Block Cipher 

Consider two messages, each of which owns n blocks: $M_1 = m_1||m_2||...||m_n$ and $M_2 = m'_1||m_2||...||m_n$, where $M_1$ and $M_2$ differ only in the first block. For instance, 

$M_1$ = "11335577 is my student ID. We will encrypt the message with different ways."  
$M_2$ = "22446688 is my student ID. We will encrypt the message with different ways."

Which of the following statements hold? Assume the same key is used for all encryption.

1) If $M_1$ and $M_2$ are encrypted using `Electronic Code Book (ECB)`, none of the cipher text blocks will repeat between each message.
2) If $M_1$ and $M_2$ are encrypted using `Cipher Block Chaining (CBC)`, but the same Initialization Vector (IV) is used for encrypting both messages, none of the cipher text blocks will repeat between each message.

In [2]:
M1 = b"11335577 is my student ID. We will encrypt the message in different ways."
M2 = b"22446688 is my student ID. We will encrypt the message in different ways."

In [1]:
!python -m pip install cryptography

Defaulting to user installation because normal site-packages is not writeable


## Available modes in OpenSSL

aes-[128|192|256]-cbc  128/192/256 bit AES in CBC mode  
aes[128|192|256]       Alias for aes-[128|192|256]-cbc  
aes-[128|192|256]-cfb  128/192/256 bit AES in 128 bit CFB mode  
aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode  
aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode  
aes-[128|192|256]-ctr  128/192/256 bit AES in CTR mode  
aes-[128|192|256]-ecb  128/192/256 bit AES in ECB mode  
aes-[128|192|256]-ofb  128/192/256 bit AES in OFB mode

In [3]:
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.padding import PKCS7

In [4]:
import random

SEED = 0
BLOCK_SIZE = 128

# seed
random.seed(0)

# generate random key and iv
KEY = bytes(random.randrange(256) for _ in range(BLOCK_SIZE // 8))
IV = bytes(random.randrange(256) for _ in range(BLOCK_SIZE // 8))
print(KEY.hex(), IV.hex())

c5d71484f8cf9bf4b76f47904730804b 9e3225a9f133b5dea168f4e2851f072f


In [5]:
# create padder that required by ECB and CBC modes, https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/
padder, unpadder = PKCS7(BLOCK_SIZE).padder(), PKCS7(BLOCK_SIZE).unpadder()
padded_data = padder.update(M1) + padder.finalize()
print(padded_data)
print(unpadder.update(padded_data) + unpadder.finalize())

padder, unpadder = PKCS7(BLOCK_SIZE).padder(), PKCS7(BLOCK_SIZE).unpadder()
padded_data = padder.update(M2) + padder.finalize()
print(padded_data)
print(unpadder.update(padded_data) + unpadder.finalize())

b'11335577 is my student ID. We will encrypt the message in different ways.\x07\x07\x07\x07\x07\x07\x07'
b'11335577 is my student ID. We will encrypt the message in different ways.'
b'22446688 is my student ID. We will encrypt the message in different ways.\x07\x07\x07\x07\x07\x07\x07'
b'22446688 is my student ID. We will encrypt the message in different ways.'


In [6]:
def encrypt_then_decrypt(plaintext, mode=modes.ECB()):
    cipher = Cipher(algorithms.AES(KEY), mode)
    encryptor, decryptor = cipher.encryptor(), cipher.decryptor()
    padder, unpadder = PKCS7(128).padder(), PKCS7(128).unpadder()

    # encrypt
    if len(plaintext) % 16 != 0:
        padded_data = padder.update(plaintext) + padder.finalize()
    else:
        padded_data = plaintext

    ciphered_data = encryptor.update(padded_data) + encryptor.finalize()

    # decrypt
    decipered_data = decryptor.update(ciphered_data) + decryptor.finalize()
    if len(plaintext) % 16 != 0:
        unpadded_data = unpadder.update(decipered_data) + unpadder.finalize()
        assert plaintext == unpadded_data

    return ciphered_data

In [7]:
import textwrap

color2num = dict(
    gray=30,
    red=31,
    green=32,
    yellow=33,
    blue=34,
    magenta=35,
    cyan=36,
    white=37,
    crimson=38,
)

def colorize(string, color, bold=True, highlight=False):
    """
    Colorize a string.

    This function was originally written by John Schulman.
    """
    attr = []
    num = color2num[color]
    if highlight:
        num += 10
    attr.append(str(num))
    if bold:
        attr.append("1")
    return "\x1b[%sm%s\x1b[0m" % (";".join(attr), string)

def visual_hex_diff(bstr_1, bstr_2, hex_names=("HEX 1", "HEX 2")):
    SEP = "   |   "
    print("  ", f"{hex_names[0]}".ljust(16 + 7), hex_names[1], sep=SEP)
    # block level
    hex_1, hex_2 = textwrap.wrap(bstr_1.hex(), 16), textwrap.wrap(bstr_2.hex(), 16)
    for i, (block_1, block_2) in enumerate(zip(hex_1, hex_2)):
        # byte level
        block_1, block_2 = textwrap.wrap(block_1, 2), textwrap.wrap(block_2, 2)
        block_2 = [colorize(v2, "red" if v1 != v2 else "green") for v1, v2 in zip(block_1, block_2)]
        print(str(i).rjust(2), " ".join(block_1).ljust(16 + 7), " ".join(block_2).ljust( 16 + 7), sep=SEP)

In [8]:
ciphered_M1 = encrypt_then_decrypt(M1, modes.ECB())
ciphered_M2 = encrypt_then_decrypt(M2, modes.ECB())
visual_hex_diff(ciphered_M1, ciphered_M2, ["deciphered M1", "deciphered M2"])

     |   deciphered M1             |   deciphered M2
 0   |   f9 ac 8d ae 3b fe f7 44   |   [31;1m91[0m [31;1m59[0m [31;1m26[0m [31;1m98[0m [31;1m55[0m [31;1m62[0m [31;1m5c[0m [31;1mc3[0m
 1   |   88 0c 3c 13 ee 28 ee b2   |   [31;1m93[0m [31;1m9c[0m [31;1m01[0m [31;1m87[0m [31;1m87[0m [31;1m7e[0m [31;1mc1[0m [31;1me0[0m
 2   |   e4 1e 2f ad aa 39 39 21   |   [32;1me4[0m [32;1m1e[0m [32;1m2f[0m [32;1mad[0m [32;1maa[0m [32;1m39[0m [32;1m39[0m [32;1m21[0m
 3   |   55 21 cd f8 04 20 a7 d9   |   [32;1m55[0m [32;1m21[0m [32;1mcd[0m [32;1mf8[0m [32;1m04[0m [32;1m20[0m [32;1ma7[0m [32;1md9[0m
 4   |   e5 ae 86 39 1e a0 18 5b   |   [32;1me5[0m [32;1mae[0m [32;1m86[0m [32;1m39[0m [32;1m1e[0m [32;1ma0[0m [32;1m18[0m [32;1m5b[0m
 5   |   be 9f da d5 16 05 d4 1b   |   [32;1mbe[0m [32;1m9f[0m [32;1mda[0m [32;1md5[0m [32;1m16[0m [32;1m05[0m [32;1md4[0m [32;1m1b[0m
 6   |   56 c8 43 97 48 49 ee f2   |   [

In [9]:
ciphered_M1 = encrypt_then_decrypt(M1, modes.CBC(IV))
ciphered_M2 = encrypt_then_decrypt(M2, modes.CBC(IV))
visual_hex_diff(ciphered_M1, ciphered_M2, ["deciphered M1", "deciphered M2"])

     |   deciphered M1             |   deciphered M2
 0   |   51 0a 1f 95 1e 74 d2 bd   |   [31;1m04[0m [31;1md7[0m [31;1m5e[0m [31;1m34[0m [31;1m54[0m [32;1m74[0m [31;1mef[0m [31;1md6[0m
 1   |   91 8c 60 7c 59 ec c7 08   |   [31;1mc9[0m [31;1m3c[0m [31;1m7b[0m [31;1m27[0m [31;1m67[0m [31;1md0[0m [31;1m3a[0m [31;1m2c[0m
 2   |   de f5 a0 a2 86 d7 8a 6f   |   [31;1mfb[0m [31;1m32[0m [31;1m41[0m [31;1m7b[0m [31;1mf8[0m [31;1ma8[0m [31;1m0a[0m [31;1mb3[0m
 3   |   b5 68 ee fc 92 43 91 a9   |   [31;1mbd[0m [31;1m46[0m [31;1m27[0m [31;1m41[0m [31;1m30[0m [31;1m51[0m [31;1m07[0m [31;1m25[0m
 4   |   81 73 cc 12 21 7f 0a 39   |   [31;1mc5[0m [31;1maa[0m [31;1m36[0m [31;1m45[0m [31;1m1c[0m [31;1mb2[0m [31;1mf9[0m [31;1ma4[0m
 5   |   2a 73 82 19 ed 52 c6 01   |   [31;1m22[0m [31;1mce[0m [31;1m4a[0m [31;1mac[0m [31;1me2[0m [31;1mda[0m [31;1med[0m [31;1m57[0m
 6   |   65 34 86 05 59 b1 c8 aa   |   [