Re: Rijndael: IV Required for Decryption?

From: Damien (
Date: 08/12/05

Date: 11 Aug 2005 23:33:09 -0700

MikeP wrote:
> Interesting... Upon closer inspection of the code, I think (not
> positive) that the IV is in fact being stored as the first block in the
> encrypted data segment... which would explain why the decryption
> routine skips the first block. I think that storing the IV in the
> beginning of the sequence would cause the algorithm to not match test
> vectors, if this is not a standard practice. Author states that
> algorithm conforms to test vectors.
> Still, we're getting side tracked! I can figure out what the algorithm
> is doing. The main question is, fundamentally, is the IV used for
> decryption? Where and when does this occur?

Yes, the IV is being used for decryption - during the loop, in CBC
mode, the block being dealt with is XORed with the previous block. So
once we reach the final pass through the loop (which will return the
first real block of plaintext, remember, as we are working backwards),
the XOR is done with the previous block (i.e. block 0) - which in this
case is the IV.