# Why CTR is worse than CBC when IV is reused?

***By Jinan Jiang***

In [3]:
from demo_lib import *

In [4]:
#feel free to change these parameters
num_encs_per_display = 16

---

## Reusing IV in CBC: can tell up to which blocks are identical

In [5]:
message = b"a 16-byte string" #16 bytes
print("Reusing IV in CTR:")
print("First few blocks are identical, which we can tell")
print("and later blocks start looking random since we are" 
      + "encrypting random messages in later blocks \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = b"a 16-byte string" + random_bytes(16)
    cypher_text = AES_CBC_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CTR:
First few blocks are identical, which we can tell
and later blocks start looking random since we areencrypting random messages in later blocks 

ee45ec520e4fb031fbe3f57c9999eeaf7f30250eb6af9e11d1921228ac31fd0d
ee45ec520e4fb031fbe3f57c9999eeaf07d846cce021aa14b4e47898925b5d6a
ee45ec520e4fb031fbe3f57c9999eeaf58f4f2a12756217ad56166b4d551954b
ee45ec520e4fb031fbe3f57c9999eeafcabb1fa95bfdd0f6973f0bcce70bb421
ee45ec520e4fb031fbe3f57c9999eeaf4d02746d82b16b02edcf96760eefb7c3
ee45ec520e4fb031fbe3f57c9999eeafb2d9356910a8d1b467a1b820601baa01
ee45ec520e4fb031fbe3f57c9999eeaf24b94e4a4298fe9225949db53e21fc97
ee45ec520e4fb031fbe3f57c9999eeaf053ebf3aff35acb1bf3be3aacec81e8b
ee45ec520e4fb031fbe3f57c9999eeafb72e57afaba57169b1d097bc11f2e140
ee45ec520e4fb031fbe3f57c9999eeaf084f15d72dc3e380c9fd002a436b03d8
ee45ec520e4fb031fbe3f57c9999eeaf7d9e4222c0af2146cb199ca59d709c95
ee45ec520e4fb031fbe3f57c9999eeaf03ec8506258deab9ec4bce8a16cc2a96
ee45ec520e4fb031fbe3f57c9999eeaf0af073b7b93b0451e60c8b99

In [6]:
print("Reusing IV in CBC:")
print("Later half have identical plaintext, but we cannot tell \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = random_bytes(16) + b"a 16-byte string"
    cypher_text = AES_CBC_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CBC:
Later half have identical plaintext, but we cannot tell 

9be4d0ac7f7576628282a37870be95d0c4b4a1645e7bf420b80570243252edcc
2b078a9c0c48cc1ef911e10881a913070cb592731320f9bd3925638a295b67aa
4c0dcdb315ef84772350b2ff2045e4399d31d2c94847f6bd8e118500f5bee474
bca5418548cdaed999413ab0829873031fe54137d047b31ab5ec96872ac972f0
502c3b8727b28b12395e92a3ae0d2c82ec8ebe9dcaea296c1e61444bd74e2033
d939c5d7cff7cadb20994e9d80e3825e5f91df6ff14563b803d7bc1895978776
5bff5da9756fe127c3d58afadf46d819e8ad56b9f353230ef65a85470109f3a8
0c17a5b513bd2671a49600e12c7e4833087e63bda22b4ce3d2d409721c9f75bb
d2776cb65d9096f9ac00789d716aab6770341b0a7bb25a12f5b0a5273f89d5c2
2a50ed57598d90e167710eedca8d3db1bc26ec8f362911feff4ca17365d8324f
4d5200dd48c79ab99853bdb58816fc0ac0ad77a95048834ab72ab237bde975b9
986b03e513aa698d673438b2b915369373aa830c01af3f66c4ee1ba343683fa8
f9626126e5fb7df253c1900486e962682652ca97e72f308de1a25c524c2e9a10
c6f940d60f1a510f7cc2cf26d133ddfcfb364bfe8a0cd940a3dcd036956f358a
53fe28ad8254f

---

## Reusing IV in CTR: can tell which blocks are identical (worse)

In [7]:
print("Reusing IV in CTR:")
print("We can tell the first few blocks are identical \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = b"a 16-byte string" + random_bytes(16)
    cypher_text = AES_CTR_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CTR:
We can tell the first few blocks are identical 

33f1a7267a523240b0b322b0f1a016c2f0c8f5b11a3e00bd453669d03542abf5
33f1a7267a523240b0b322b0f1a016c2fa1e6038ef02f534d0d08b4a01373d80
33f1a7267a523240b0b322b0f1a016c24769d6f39fb16432fa6c545fd4e7be37
33f1a7267a523240b0b322b0f1a016c2e11cc9c61c6ca58dac3e64dba9c7fe10
33f1a7267a523240b0b322b0f1a016c231a081bc2c62d03a3e0ed2c0d58c6b11
33f1a7267a523240b0b322b0f1a016c283ade42f8874c0cc3d57831d99d4659a
33f1a7267a523240b0b322b0f1a016c2da491bc9d1903e7cfae7d5dd9da3b0ce
33f1a7267a523240b0b322b0f1a016c29093b6fcd744a2b93198a58f6aa46db6
33f1a7267a523240b0b322b0f1a016c2e37122079bd59204c13213bdda54b009
33f1a7267a523240b0b322b0f1a016c29fe278381eeef90690e433d4d22a55b1
33f1a7267a523240b0b322b0f1a016c297a17665bcf29dffd0d3d7fbfc5ec59e
33f1a7267a523240b0b322b0f1a016c2b4be043aeafc95b7837d47aa246c4c51
33f1a7267a523240b0b322b0f1a016c2a87f1ac75ef8d353bc4ec5b037f15abb
33f1a7267a523240b0b322b0f1a016c20e7e03abf990fc1537efe7e8294b9fd2
33f1a7267a523240b0b322

In [8]:
print("Reusing IV in CTR:")
print("We can tell the last few blocks are identical \n")

key = random_bytes(32)
iv = random_bytes(16)

for _ in range(num_encs_per_display):
    message = random_bytes(16) + b"a 16-byte string"
    cypher_text = AES_CTR_enc(data = message, key = key, iv = iv)
    print(cypher_text.hex())

Reusing IV in CTR:
We can tell the last few blocks are identical 

0ca8791246a0f2a594ac2e98006776f06d0a4d819d8530d3e7a39681b4fba514
9c7c64e01d79c8992948affcc329ab746d0a4d819d8530d3e7a39681b4fba514
a01ef6362417bd245a88b8602d841c926d0a4d819d8530d3e7a39681b4fba514
50fc6f1fbe5a079ec103285ff34e3f986d0a4d819d8530d3e7a39681b4fba514
b5b472ec6f19a894283bd2b0959e124f6d0a4d819d8530d3e7a39681b4fba514
2016e22423adca62880baa5f690264846d0a4d819d8530d3e7a39681b4fba514
2c22b7828d3c300cbbb4fc972f296bed6d0a4d819d8530d3e7a39681b4fba514
d5ba038f2b9f8320cefebc36a7c245096d0a4d819d8530d3e7a39681b4fba514
cfa04a29c67ee5f9d80839554d42b6f96d0a4d819d8530d3e7a39681b4fba514
fdec1421caeec7cf1a57454166f371846d0a4d819d8530d3e7a39681b4fba514
0a4135a3ceac13f93e038e33a6eff6276d0a4d819d8530d3e7a39681b4fba514
b0421eec4856d1c49cd15924e3e36a586d0a4d819d8530d3e7a39681b4fba514
3512c8780c6bdaff9ce84e3d62498e566d0a4d819d8530d3e7a39681b4fba514
a678a62c8c8d6f23652ec01b8ab680736d0a4d819d8530d3e7a39681b4fba514
624e271c5c7d0aa154f9151

---

## Still, keep in mind to never reuse IV :)

---