# Why CTR is worse than CBC when IV is reused?

***By Jinan Jiang, contact jinan@berkeley.edu for corrections***

In [2]:
from crypto_demo_lib import *

In [3]:
#feel free to change these parameters
num_encs_per_display = 16

---

## Reusing IV in CBC: can tell up to which blocks are identical

In [13]:
message = b"a 16-byte string" #16 bytes
print("Reusing IV in CTR:")
print("First few blocks are identical, which we can tell")
print("and later blocks start looking random since we are" 
      + "encrypting random messages in later blocks \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = b"a 16-byte string" + random_bytes(16)
    cypher_text = AES_CBC_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CTR:
First few blocks are identical, which we can tell
and later blocks start looking random since we areencrypting random messages in later blocks 

ff1e4a4b4f53df713cc7e5fcce31d3c707a096c6a83a78b02b34bbfc2763b623
ff1e4a4b4f53df713cc7e5fcce31d3c7f36d6f18ed80dbe2dc7f07ea87b0d8a4
ff1e4a4b4f53df713cc7e5fcce31d3c7522a55209ea94754999950ee614241b6
ff1e4a4b4f53df713cc7e5fcce31d3c7ec7e200657a0a9c7c0e058f78cb4e23a
ff1e4a4b4f53df713cc7e5fcce31d3c7e6b3df3b3bba958ef130285bad653587
ff1e4a4b4f53df713cc7e5fcce31d3c73a9216fd8dedf59b27691d456c5017c4
ff1e4a4b4f53df713cc7e5fcce31d3c796df994d9e88540ec3fd58587908e2b1
ff1e4a4b4f53df713cc7e5fcce31d3c7f6a6524fb6feb5397c1b98a2b9415cd0
ff1e4a4b4f53df713cc7e5fcce31d3c728ea6024c0d675ada80245aea05b405b
ff1e4a4b4f53df713cc7e5fcce31d3c7b2f0ee0e6c9bb7b65bea483cb4ee7172
ff1e4a4b4f53df713cc7e5fcce31d3c7eb909663b8402b14559be1b0bf02f445
ff1e4a4b4f53df713cc7e5fcce31d3c743c208ab8a193b77a89948f11785d02e
ff1e4a4b4f53df713cc7e5fcce31d3c7d918d2f020f8b6406eea9fa0

In [14]:
print("Reusing IV in CBC:")
print("Later half have identical plaintext, but we cannot tell \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = random_bytes(16) + b"a 16-byte string"
    cypher_text = AES_CBC_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CBC:
Later half have identical plaintext, but we cannot tell 

e3ddda71105ab1093e55ba361c78f51629f324c757c7c74bd62814534ceb3820
0d40272b5503bf6928e00a3a4f81a42b0cb7d247a533dff760f4537eb3f7a35c
f011a8e30b969f435bf0b60d1021eace7921c5336b91c9d33deca835e4688677
8bb66b0b2338fd8431831271b6d33d94ff5e51780ab2dcf542d91477dd8704f3
ad1cac6c73659be0fa68b3a76c3412986726ce28c99f2de9e2df8be42025447b
7b54b4fc876cb896dcc26d9896ecd6447ac209b0ceb648317b90431a594674fc
38d45dcec35ef78ddc37f8580a1c99fd57ed57813c6ccc263f5131c508cfc08f
a7dbc7b4b431ee38fef54bbce22c5937f8f665b4a81fa60468e9f1786ecf0d28
2ae307f607815b23fdc445fdfb04d0723514ded5f9665d24418109031cfc2db0
2137b2ce94d2659e5eb614a4d5bd19ee5c435d84e5c64c6a97af6261ac77a769
c56534170ed00ccf802fdb74bac00f4da7ffabe3394f1dfa49e4dcb4c3e3edb9
98812fb89c9fd35d02d58e44f2a84ad38f64385be535a76a383f8b3afe180b52
0a30334b6814042a591523c7995f1a7880b4df5c17d4ed079a71c70f18e94b7b
fc6806abeabf645d7406930a764729b4a00f915ffa456c1cca38608e55db0cbb
c47d1dd4fbff2

---

## Reusing IV in CTR: can tell which blocks are identical (worse)

In [17]:
print("Reusing IV in CTR:")
print("We can tell the first few blocks are identical \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = b"a 16-byte string" + random_bytes(16)
    cypher_text = AES_CTR_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CTR:
We can tell the first few blocks are identical 

657697823f98c38ecc15ec144fdbe54b6e11d82a71ddcff08c1ea2376ba116cb
657697823f98c38ecc15ec144fdbe54bffb461954f1c20c830da2abc119ca90f
657697823f98c38ecc15ec144fdbe54badc842765ddea53c2a052f9731f7dd42
657697823f98c38ecc15ec144fdbe54bccdf3274da80b1cf0e57107620f185e1
657697823f98c38ecc15ec144fdbe54b2a1e8a3fdb0f9a23c3a311f87fd85d07
657697823f98c38ecc15ec144fdbe54bc15d3c72c9b96a55b096ab5c0bbd18a0
657697823f98c38ecc15ec144fdbe54b8de8ab5ea0c4ebe44f88b9c484d97213
657697823f98c38ecc15ec144fdbe54bb0d7518a4cab46d5bd948f6d12e67d5d
657697823f98c38ecc15ec144fdbe54b3eefd81c11bcf5920ab4f2a93af3365a
657697823f98c38ecc15ec144fdbe54b9f878b9fd291b56df2dcc46db4558f52
657697823f98c38ecc15ec144fdbe54b48cbf77447ac19befe189493ffd70355
657697823f98c38ecc15ec144fdbe54bcb24cf9581b13800a04ff516dcad9d73
657697823f98c38ecc15ec144fdbe54b40b3dc8e004a0d9caf7f1b385e5fcb2a
657697823f98c38ecc15ec144fdbe54b773bd01b95c763faf13fc5ceaeab5df6
657697823f98c38ecc15ec

In [16]:
print("Reusing IV in CTR:")
print("We can tell the last few blocks are identical \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = random_bytes(16) + b"a 16-byte string"
    cypher_text = AES_CTR_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CTR:
We can tell the last few blocks are identical 

1b4c49f9e7adfd786ae37529fd201fbb5388a9fe75d573ae15d40f0d2f6327ee
d27d5e40118ac2c75e1bd4d0034ce7ed5388a9fe75d573ae15d40f0d2f6327ee
8cd06a3d2fdd70487bcdf88bd033e6795388a9fe75d573ae15d40f0d2f6327ee
6763d1aeff76f32fb2c04b1f238a6eac5388a9fe75d573ae15d40f0d2f6327ee
596c30198b4a4499e3e0e61da701cc885388a9fe75d573ae15d40f0d2f6327ee
388faaff1722fe091fbe12d051838c3f5388a9fe75d573ae15d40f0d2f6327ee
5920034852c6f15b60c264e5cd5ff9155388a9fe75d573ae15d40f0d2f6327ee
61763ef8dca99eea0dfc344da92e738e5388a9fe75d573ae15d40f0d2f6327ee
30f2d4bef6b361c87898a7afcbd51dc95388a9fe75d573ae15d40f0d2f6327ee
7cd5812e1dfaa89a3cb4ee176d00adf65388a9fe75d573ae15d40f0d2f6327ee
2b5a51e31ea9a8e7dcb9b8cae890d6515388a9fe75d573ae15d40f0d2f6327ee
a06badee85e11a6d39198ed2c1a66b6c5388a9fe75d573ae15d40f0d2f6327ee
711dd23adaa9a9c3cca0a09d0a1ef1d05388a9fe75d573ae15d40f0d2f6327ee
7e7713c113810d4f2c101a742f98b6305388a9fe75d573ae15d40f0d2f6327ee
8ed99e8377b889d696ada27

---

## Still, keep in mind to never reuse IV :)

---