A security analyst reviews a cryptographic implementation and notices that the same initialization vector (IV) is used repeatedly with the same key in CBC mode. What is the primary risk?
IV reuse can lead to identical ciphertext blocks for identical plaintext, revealing patterns.
Why this answer
In CBC (Cipher Block Chaining) mode, the initialization vector (IV) is XORed with the first plaintext block before encryption. Reusing the same IV with the same key means that identical plaintext blocks will produce identical ciphertext blocks, revealing patterns in the data. This directly breaks confidentiality, as an attacker can detect repeated plaintext segments, infer message structure, or even recover plaintext through known-plaintext attacks.
Exam trap
The trap here is that candidates often confuse confidentiality with integrity or authentication, mistakenly thinking IV reuse primarily enables data tampering (integrity) or impersonation (authentication), when in fact the core cryptographic weakness is the exposure of plaintext patterns, directly violating confidentiality.
How to eliminate wrong answers
Option B is wrong because loss of authentication refers to the inability to verify the origin or identity of the sender, which is not directly caused by IV reuse; CBC mode does not provide authentication by itself (that requires a MAC). Option C is wrong because non-repudiation is a property that prevents a party from denying an action, typically provided by digital signatures, not by CBC mode or IV usage. Option D is wrong because loss of integrity means data has been tampered with undetected; while IV reuse can enable certain attacks (e.g., bit-flipping), the primary and most immediate risk is the exposure of plaintext patterns, i.e., loss of confidentiality.