In 2002, in two independent papers, Bellare, Kohno, and Namprempre and Joux, Martinet, and Valette introduced the notion of blockwise security for modes of operation. This notion stems from common practice, since in many applications, modes of operation for block ciphers do not process messages as atomic entities but in an incremental manner, block after block. Soon afterward, several papers showed that many modes of operation are already blockwise secure and that others can be made secure by simple modifications. In this paper, we revisit these results by comparing possible attacks on modes of operation after the birthday bound is reached. Amusingly, in spite of having essentially identical security proofs up to this bound, modes of operation in the blockwise model behave very differently from their counterparts in the regular model once the birthday paradox bound is crossed.