论文信息 - Cryptanalysis of the ANSI X9.52 CBCM mode

Cryptanalysis of the ANSI X9.52 CBCM mode

In this paper we cryptanalyze the CBCM mode of operation, which was almost included in the ANSI X9.52 Triple-DES Modes of Operation standard. The CBCM mode is a Triple-DES CBC variant which was designed against powerful attacks which control intermediate feedback for the benefit of the attacker. For this purpose, it uses intermediate feedbacks that the attacker cannot control, choosing them as a keyed OFB stream, independent of the plaintexts and the ciphertexts. In this paper we find a way to use even this kind of feedback for the benefit of the attacker, and we present an attack which requires a single chosen ciphertext of 265 blocks which needs to be stored and 259 complexity of analysis (CBCM encryptions) to find the key with a high probability. As a consequence of our attack, ANSI decided to remove the CBCM mode from the proposed standard.

Eli Biham | Lars R. Knudsen

[1] Lars R. Knudsen,et al. Block Ciphers: Analysis, Design and Applications , 1994 .

[2] Stefan Lucks,et al. Attacking Triple Encryption , 1998, FSE.

[3] Ueli M. Maurer,et al. New Approaches to the Design of Self-Synchronizing Stream Ciphers , 1991, EUROCRYPT.

[4] Paul C. van Oorschot,et al. A Known Plaintext Attack on Two-Key Triple Encryption , 1991, EUROCRYPT.

[5] Eli Biham. Cryptanalysis of Triple Modes of Operation , 1999, Journal of Cryptology.

[6] Eli Biham,et al. Cryptanalysis of the ANSI X9.52 CBCM Mode , 1998, EUROCRYPT.

[7] Eli Biham,et al. Cryptanalysis of Multiple Modes of Operation , 1994, Journal of Cryptology.

[8] Stephen M. Matyas,et al. Triple DES Cipher Block Chaining with Output Feedback Masking , 1996 .

[9] David A. Wagner. Cryptanalysis of Some Recently-Proposed Multiple Modes of Operation , 1998, FSE.

[10] Ralph Howard,et al. Data encryption standard , 1987 .

[11] Martin E. Hellman,et al. On the security of multiple encryption , 1981, CACM.

[12] Eli Biham,et al. Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[13] Stephen M. Matyas,et al. A proposed mode for triple-DES encryption , 1996, IBM J. Res. Dev..

[14] Eli Biham,et al. How to Forge DES-Encrypted Messages in $2^{28}$ Steps , 1996 .