Chris M. Thomasson wrote:
> Think of a quasi known plaintext attack. Perhaps something like:
>
> https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html
>
> We know a certain structure. In a block cipher we can infer that certain
> data is in the first several blocks. In my wide block cipher, where the
> size of the plaintext plus its prepended TRNG bytes, is the whole block.
> There is no way to break it apart into components.
>
> However, I can create a new version that artificially sets a block size
> to be smaller than the whole. Each individual block would be bit
> sensitive, instead of the whole. Take a plaintext size divide it by say,
> 7, this is the block size except for the final block which may be larger
> to handle remainders. Afaict, this is not as secure as a wide block.
>
The link doesn't exactly explain how one could mount a known-plaintext
attack. What's more, secure modes such as AES-CBC with a random IV (when
done properly) are provably resistant to CPA/KPA as long as the
following are met:

(a) you encrypt fewer than 2^(n/2) blocks where n is the block size (for
AES-128 this is 2^64)
(b) the cipher itself (AES) is resistant to CPA/KPA

The advantage of building in blocks (first the primitive, then the mode
of operation, etc.) is that often you can *prove* that a certain
construction is secure as long as all its elements are secure.

On the other hand, if you bundle everything up without separating into
layers, proving that the security of something relies on anything
becomes impossible. It just becomes a giant mess which people have to
*hope* is secure.

If you want bit-level sensitivity, create a primitive C = CHRIS(P, K)
which is a regular block/stream cipher which gives the same ciphertext
for the same plaintext and vice versa, and THEN use this primitive in a
mode that supplies bit-level sensitivity (such as Adiantum or PCBC mode).
In this case you will be able to reduce the requirements of the CHRIS
function to simply behaving like a random function. The PCBC will
automatically take care of the bit-level sensitivity and there is no
need to take care of it in the cipher.

Bonus point: your encryption system will become much more versatile; you
would be able to use it as a stream cipher in CHRIS-CTR mode, for disk
encryption in CHRIS-XTS mode, etc.

If curious you can read re the PCBC mode here:
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Propagating_Cipher_Block_Chaining_(PCBC)
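
Added example, not part of the original post: the layering described above, with a toy 4-round Feistel permutation (built here from HMAC-SHA256, an assumption standing in for the hypothetical CHRIS primitive) wrapped in PCBC mode. It shows that the mode, not the primitive, carries a one-bit change into every later block; all function names, the key and the IV are constructed for illustration.

```python
import hashlib, hmac

BLOCK = 16  # block size in bytes of the stand-in primitive

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function (HMAC-SHA256, truncated)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def prim(key, block, decrypt=False):
    # Stand-in for C = CHRIS(P, K): a deterministic 4-round Feistel permutation.
    l, r = block[:8], block[8:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (xor(r, _f(key, rnd, l)), l) if decrypt else (r, xor(l, _f(key, rnd, r)))
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pcbc(key, iv, data, decrypt=False):
    # Encrypt: C_i = E(P_i ^ P_{i-1} ^ C_{i-1}); decrypt: P_i = D(C_i) ^ P_{i-1} ^ C_{i-1}.
    # The chaining value starts as the IV. Input length must be a multiple of BLOCK.
    chain, out = iv, []
    for blk in blocks(data):
        if decrypt:
            res = xor(prim(key, blk, True), chain)
        else:
            res = prim(key, xor(blk, chain))
        out.append(res)
        chain = xor(blk, res)  # plaintext block XOR ciphertext block
    return b"".join(out)

def changed_blocks(a, b):  # indices of blocks that differ between a and b
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]

def demo():
    key, iv = b"constructed-key!", bytes(range(16))  # constructed sample values
    pt = bytes(64)                                   # four all-zero blocks
    ct = pcbc(key, iv, pt)
    pt2, ct2 = bytearray(pt), bytearray(ct)
    pt2[16] ^= 1  # flip one bit in plaintext block 1
    ct2[16] ^= 1  # flip one bit in ciphertext block 1
    return (pcbc(key, iv, ct, True) == pt,
            changed_blocks(ct, pcbc(key, iv, bytes(pt2))),
            changed_blocks(pt, pcbc(key, iv, bytes(ct2), True)))

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, [1, 2, 3], [1, 2, 3])`: block 0 is untouched in both directions, so the propagation runs forward only. Propagation is also not authentication, since exchanging two adjacent PCBC ciphertext blocks leaves later blocks decrypting correctly, so integrity still needs a MAC or an AEAD mode.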