4
votes

If a random IV is used in encrypting plain text, how does the receiver of the cipher text know what the IV is in order to decrypt it?

This is a follow-up question to a response to the previous stackoverflow question on IVs here.

The IV allows for plaintext to be encrypted such that the encrypted text is harder to decrypt for an attacker. Each bit of IV you use will double the possibilities of encrypted text from a given plain text.

The point is that the attacker doesn't know what the IV is and therefore must compute every possible IV for a given plain text to find the matching cipher text. In this way, the IV acts like a password salt. Most commonly, an IV is used with a chaining cipher (either a stream or block cipher). ...

So, if you have a random IV used to encrypt the plain text, how do you decrypt it? Simple. Pass the IV (in plain text) along with your encrypted text.

Wait. You just said the IV is randomly generated. Then why pass it as plain text along with the encrypted text?

2

2 Answers

9
votes

The answer that you quote is wrong. So don't worry if it does not make sense to you. IVs don't make breaking a ciphertext harder. IVs are ususlly just prepended to the ciphertext and hence known to a potential attacker.

The main reason to use IVs is to randomize the ciphertext. If you encrypt the same plaintext twice with the same key, but different IVs then the ciphertext should be different. Ideally an attacker should not be able to tell if two ciphertexts correspond to the same plaintext or different plaintexts of the same length. More formally, IVs are used so that the encryption has ciphertext indistinguishability.

0
votes

If a random IV is used in encrypting plain text, how does the receiver of the cipher text know what the IV is in order to decrypt it?

  1. The Wikipedia article on Initialization vectors provides several examples of ways to tell the receiver what the IV is.

Wait. You just said the IV is randomly generated. Then why pass it as plain text along with the encrypted text?

  1. If the IV is randomly generated (at encrypt time), then only the sender knows what it is. In order to decrypt the message, the receiver needs to know the IV too.