论文信息 - Known-IV, Known-in-Advance-IV, and Replayed-and-Known-IV Attacks on Multiple Modes of Operation of Block Ciphers

Known-IV, Known-in-Advance-IV, and Replayed-and-Known-IV Attacks on Multiple Modes of Operation of Block Ciphers

Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values; known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation requires 3-7 blocks of plaintexts (or ciphertexts) and 3 · 256-9 · 256 encryptions. We also give the attacks on multiple modes proposed by Biham.

[1] Mitsuru Matsui,et al. Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[2] David A. Wagner. Cryptanalysis of Some Recently-Proposed Multiple Modes of Operation , 1998, FSE.

[3] Seokhie Hong,et al. Known-IV Attacks on Triple Modes of Operation of Block Ciphers , 2001, ASIACRYPT.

[4] Eli Biham. Cryptanalysis of Triple Modes of Operation , 1999, Journal of Cryptology.

[5] Eli Biham,et al. Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[6] Bart Preneel,et al. On the Security of Double and 2-Key Triple Modes of Operation , 1999, FSE.

[7] Eli Biham,et al. Cryptanalysis of Multiple Modes of Operation , 1994, Journal of Cryptology.