Section on CBC padding attack does not mention IV about book HOT 5 OPEN

This is sorta intentional: a CBC padding attack occurs at the end of the ctext and you don't always control the IV. Your explanation hints at this somewhat, e.g.:

(Of course for the second block in the ciphertext, the first block should be used as ‘IV’.)

On page 70, the full expression is: D(Ci)[b] = 01 \xor r[b] as stated. In context (see p65 for a drawing) f you take R||Ci as the constructed ctext, you'll see that the IV is supplied (might be part of the ctext, might be fixed, whatever) -- but doesn't impact the target block. Does the expression make sense with the drawing?

from book.

GitHub seriously needs LaTeX support. 🙄

from book.

Oh.

This is sorta intentional.

Thanks for the explanation; I think I get your point. What I’d like to do now is, with your explanation as starting point, restate my original observation and see if the text could still be improved.

Does the expression make sense with the drawing?

So, the formula I complained about seems to me now, in a narrow sense, correct. When I complained that “[it] only [achieves us] the immediate output of D, not the plaintext”, well, the formula does certainly not promise otherwise. After all, it says D(Ci)[b], not Pi[b]. Is this what you meant?

Still I think it would be great if the text would explain... how to get from D(Ci)[b] to Pi[b] (and to point out the difference in the first place!). This seems in order if the target of the attack is the plaintext. While it’s true this step can be deduced by comparing the image in §7.9 with the original images for CBC decryption in §7.4, I can’t think of a reason not to help the reader here.

This explanation on how to get Pi[b] is useful even if the IV is not available, since it can be applied to every block except the first one. I think it could be added with no loss of generality? The text would just need to mention the difference between block 0, and the rest, with respect to the availability of the IV.

Does this at least make sense? “Help the reader” would be my main point.

from book.

Thanks for the explanation; I think I get your point. What I’d like to do now is, with your explanation as starting point, restate my original observation and see if the text could still be improved.

Yeah definitely: I didn't mean to sound dismissive of your issue, I do want to fix the text :)

I also agree the distinction between D(Ci) and Pi needs to be highlighted and particularly how you get from one to the other. How do you feel about writing prose?

from book.

I didn't mean to sound dismissive of your issue.

All is good. :)

How do you feel about writing prose?

Heh, I can look into if if you’d like. Should have time for it some time before the end of the month.

from book.