# Re: Rijndael: IV Required for Decryption?

From: Damien (Damien_The_Unbeliever_at_hotmail.com)
Date: 08/12/05

```Date: 11 Aug 2005 23:33:09 -0700

```

MikeP wrote:
> Interesting... Upon closer inspection of the code, I think (not
> positive) that the IV is in fact being stored as the first block in the
> encrypted data segment... which would explain why the decryption
> routine skips the first block. I think that storing the IV in the
> beginning of the sequence would cause the algorithm to not match test
> vectors, if this is not a standard practice. Author states that
> algorithm conforms to test vectors.
>
> Still, we're getting side tracked! I can figure out what the algorithm
> is doing. The main question is, fundamentally, is the IV used for
> decryption? Where and when does this occur?

Yes, the IV is being used for decryption - during the loop, in CBC
mode, the block being dealt with is XORed with the previous block. So
once we reach the final pass through the loop (which will return the
first real block of plaintext, remember, as we are working backwards),
the XOR is done with the previous block (i.e. block 0) - which in this
case is the IV.

Damien

## Relevant Pages

• Re: Rijndael: IV Required for Decryption?
... positive) that the IV is in fact being stored as the first block in the ... beginning of the sequence would cause the algorithm to not match test ... algorithm conforms to test vectors. ...
(sci.crypt)
• Re: Unique Key vs. Initialization Vector ?
... > algorithm and it will take some time. ... function of the plaintext (less the first block). ... > authentication from the scheme. ... Wouldn't each plaintext need a different such shared secret? ...
(sci.crypt)
• Re: Rijndael: IV Required for Decryption?
... >positive) that the IV is in fact being stored as the first block in the ... >algorithm conforms to test vectors. ... Greg Rose ...
(sci.crypt)