Blockwise-adaptive chosen-plaintext attack and online modes of encryption

Authors:
Gregory V. Bard
Affiliations:
Department of Mathematics, Fordham University, Bronx, NY
Venue:
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
Year:
2007

Citing 7
Cited 2

Complete characterization of security notions for probabilistic private-key encryption

STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
Authenticated encryption in SSH: provably fixing the SSH binary packet protocol

Proceedings of the 9th ACM conference on Computer and communications security
Encryption-Scheme Security in the Presence of Key-Dependent Messages

SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Blockwise-Adaptive Attackers: Revisiting the (In)Security of Some Provably Secure Encryption Models: CBC, GEM, IACBC

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
A Concrete Security Treatment of Symmetric Encryption

FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Blockwise adversarial model for on-line ciphers and symmetric encryption schemes

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography

Security of symmetric encryption in the presence of ciphertext fragmentation

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
The security of ciphertext stealing

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.01

Visualization

Abstract

Here, we present a generalized notion of online modes of encryption that make one call to a pseudorandom permutation per block of plaintext. This generalization, called "Canonical Form," not only allows for modes of encryption to be written in a common format, but provides for easy proofs of blockwise-adaptive chosen-plaintext (BACPA) security/insecurity. We also develop necessary and sufficient conditions for security of a mode of encryption in Canonical Form. As an application, we write ten modes of encryption in Canonical Form, and we prove the security status (under BACPA) of nine of them. While most of these modes already had proven BACPA security status in previously published papers, it is hoped the more general method specified here will be of use in writing simpler proofs for other modes, including modes of encryption yet to be developed. BACPA is a model for adversaries slightly more powerful than those in traditional chosen-plaintext attack. In particular, instead of forcing the target to encrypt messages of his/her own choosing, the attacker can insert blocks of his/her own choosing into the target's messages [JMV02]. Some modes of encryption which are secure against traditional CPA, for example the ubiquitous Cipher Block Chaining (CBC), are insecure against BACPA. Several papers have been written to explore BACPA and modes of encryption under it.