LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

In CBC mode, what happens if you use the same IV for two different messages encrypted with the same key?

If the first plaintext blocks are identical, the first ciphertext blocks will also be identical — leaking the fact that the messages start the same way.

The problem:

If IV is reused and M1_block1 = M2_block1:
C1_block1 = E(K, M1_block1 ⊕ IV) = E(K, M2_block1 ⊕ IV) = C2_block1

An attacker can detect when two messages begin with the same content, breaking semantic security.

More severely: With chosen-plaintext attacks, IV reuse in CBC enables the BEAST attack (Browser Exploit Against SSL/TLS), which was used to break TLS 1.0 in practice.

Rule: The IV must be random and unpredictable for each message. It doesn't need to be secret (it's typically sent alongside the ciphertext), but it must be fresh.

Go deeper:

From Quiz: KRYPTOG / Symmetric Cryptography | Updated: Jul 14, 2026