# Why is ECB flawed?

***By Jinan Jiang***

In [2]:
from demo_lib import *

In [3]:
#feel free to change these parameters
num_encs_per_display = 8

---

## ECB is deterministic

Without using IV to incorporate extra randomness in each encryption, ECB mode will output the same cipher text whenever you encrypt the same plaintext.  

Let's explore how this means we can lose IND-CPA when using ECB
![image info](./images/ECB_encryption.png)

In [4]:
message = b"a 16-byte string" #16 bytes
key = random_bytes(32)

print("encrypting the same message with the same key in ECB multiple times yield the same cipher text: \n")

for _ in range(num_encs_per_display):
    cypher_text = AES_ECB_enc(data = message, key = key)
    print(cypher_text.hex())

encrypting the same message with the same key in ECB multiple times yield the same cipher text: 

9a96f2defc59a5879ac51fdca3fb5dc8
9a96f2defc59a5879ac51fdca3fb5dc8
9a96f2defc59a5879ac51fdca3fb5dc8
9a96f2defc59a5879ac51fdca3fb5dc8
9a96f2defc59a5879ac51fdca3fb5dc8
9a96f2defc59a5879ac51fdca3fb5dc8
9a96f2defc59a5879ac51fdca3fb5dc8
9a96f2defc59a5879ac51fdca3fb5dc8


***we can use the following function to break IND-CPA***

In [5]:
def break_ind_cpa(mode):
    #let m0 and m1 start with same bytes
    m0 = b'1' * 16 + random_bytes(32)
    m1 = b'2' * 16 + random_bytes(32)
    
    ind_cpa = ind_cpa_game(mode)
    challange_text = ind_cpa.send_messages(m0, m1)
    
    cipher_text_m0 = ind_cpa.query_message(m0)
    if cipher_text_m0[:16] == challange_text[:16]:
        #if first block of the challenge ciphertext is the same as that of 
        #    m0, we know that m0 was encrypted
        return ind_cpa.is_guess_correct(m0)
    else:
        #otherwise, m1 was encrypted, and we guess m1
        return ind_cpa.is_guess_correct(m1)
    
def calc_success_rate(mode, num_tries):
    success_rate = 0
    for _ in range(100):
        if break_ind_cpa(mode):
            success_rate += 1
    return success_rate

In [6]:
#feel free to change these parameters
num_iterations = 5

In [7]:
print("Using the above method, the emperical chances of winning the IND-CPA game in the ECB mode are :")
for _ in range(num_iterations):
    success_rate = calc_success_rate(mode = modes.ECB, num_tries = 100)
    print (str(success_rate) + '%')

Using the above method, the emperical chances of winning the IND-CPA game in the ECB mode are :
100%
100%
100%
100%
100%


In contrast, let's look at CBC and CFB

**Even though the first block (16 bytes) of input into CBC and CFB modes are the same, the use of IV adds in extra randomness such that the block of ciphertexts corresponding to the same plaintexts will look different.**  

**Therefore, the above method of breaking IND-CPA won't work in CBC or CFB anymore:**

In [8]:
print("Using the above method, the emperical chances of winning the IND-CPA game in the CBC mode are :")
for _ in range(num_iterations):
    success_rate = calc_success_rate(mode = modes.CBC, num_tries = 100)
    print (str(success_rate) + '%')

Using the above method, the emperical chances of winning the IND-CPA game in the CBC mode are :
44%
51%
48%
47%
50%


**Which is about 50%; it didn't win the IND-CPA game!**

In [9]:
print("Using the above method, the emperical chances of winning the IND-CPA game in the CFB mode are :")
for _ in range(5):
    success_rate = calc_success_rate(mode = modes.CFB, num_tries = 100)
    print (str(success_rate) + '%')

Using the above method, the emperical chances of winning the IND-CPA game in the CFB mode are :
44%
46%
51%
49%
53%


---

## On the other hand, CBC is not

In [10]:
message = b"a 16-byte string" #16 bytes
key = random_bytes(32)

print("encrypting the same message with the same key in CBC multiple times: \n")

for _ in range(num_encs_per_display):
    cypher_text = AES_CBC_enc(data = message, key = key, iv = random_bytes(16))
    print(cypher_text.hex())

encrypting the same message with the same key in CBC multiple times: 

d807f1e945bde697153412a33f926228
2ac2508ba9f491d63797c9e686d2fb1a
e0dc2239f7ed712d7e2456baccfade77
4a8a22e52e58733462fdd9051fa07a1b
d03a2dd00687e7fa06df6e98ec3e58f1
0c4536256e2687b1f98b6048b68a0e55
971fd5ab86cb9604bab1ed7881236547
40e83533ddc3e4e764266b6ffb55582e


---

## Let's also look at CFB if you are curious

In [11]:
message = b"a 16-byte string" #16 bytes
key = random_bytes(32)

print("encrypting the same message with the same key in CFB multiple times: \n")

for _ in range(num_encs_per_display):
    cypher_text = AES_CFB_enc(data = message, key = key, iv = random_bytes(16))
    print(cypher_text.hex())

encrypting the same message with the same key in CFB multiple times: 

78a8ca3490f6dbb44800d8215c582add
8fce2fe5bf7ffa6b289cd1f55d83fa86
c519316add75fa6a84f8d7fffb775521
b24ff7ba921c2a2a6b2cdaf10da1abf8
25e45596658108eb2c0fbdba01cb13cd
bb739da6c9f3b4518102b61608888981
3239b90c573f7c76a6272a28d6c328ab
87d0178a5b84b1486a0e32ae129d9df7
