论文信息 - Specifications overview for counter mode of operation. Security aspects in case of faults

Specifications overview for counter mode of operation. Security aspects in case of faults

In 2001, after a selection process, NIST added the counter mode of operation to be used with the advanced encryption standard (AES). In the NIST recommendation a standard incrementing function is defined for generation of the counter blocks which are encrypted for each plaintext block, IPsec Internet draft (R. Housley et al., May 2003) and ATM security specifications contain implementation specifications for counter mode standard incrementing function. In this paper we present those specifications. We analyze the probability to reveal useful information in case of faults in standard incrementing function described in NIST recommendation. The confidentiality of the mode can be compromised with the fault model presented in this paper. We recommend another solution to be used in generation of the standard incrementing function in the context of the counter mode.

R. Tirtea | G. Deconinck

[1] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[2] Helger Lipmaa,et al. Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption , 2000 .

[3] Elaine B. Barker,et al. Report on the Development of the Advanced Encryption Standard (AES) , 2001, Journal of research of the National Institute of Standards and Technology.

[4] Howard M. Heys. Analysis of the Statistical Cipher Feedback Mode of Block Ciphers , 2003, IEEE Trans. Computers.

[5] M.E. Hellman,et al. Privacy and authentication: An introduction to cryptography , 1979, Proceedings of the IEEE.

[6] Richard J. Lipton,et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.