cryptography - For AES CBC encryption, whats the importance of the IV?

Question

What is the security threat of always using all zeroes for the IV? If it allows the encrypted text to be deciphered, how could an attacker do that?

UPDATE: So then, if the first block of unencrypted data had a timestamp that never repeated, would an IV still be necessary?

Answer 1

Once the attacker has one plaintext message and the matching ciphertext (perhaps she intercepted it somewhere else, like the destination), she will be able to know when any other messages with the same starting sequence are sent. Since she can learn something about the contents of your encrypted messages, this is insecure.

It also allows the attacker to perform frequency analysis. For example, imagine that your plaintext messages are commands to the backend of a stock market platform, so they all start with either "COMMAND=BUY" or "COMMAND=SELL". This means that the encrypted messages start with only two different ciphertext sequences. The attacker can't directly decrypt them - but if she is able to later observe how many SELL orders you placed through observing the market data, she'll be able to go back and work out which is which, and from now on she'll know exactly which orders you are placing as you place them.

Frequency analysis is how simple substitution ciphers are broken, and this is no coincidence - using a fixed IV means that the initial portion of your messages are effectively just using substitution, a block at a time.