The security of the cipher block chaining message authentication code
Journal of Computer and System Sciences
OCB: a block-cipher mode of operation for efficient authenticated encryption
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
How to Protect DES Against Exhaustive Key Search
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Block-Cipher Mode of Operation for Parallelizable Message Authentication
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Mercy: A Fast Large Block Cipher for Disk Sector Encryption
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Cryptanalysis of the Mercy Block Cipher
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
PolyE+CTR: a swiss-army-knife mode for block ciphers
ProvSec'11 Proceedings of the 5th international conference on Provable security
Automated security proof for symmetric encryption modes
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Automated verification of block cipher modes of operation, an improved method
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Hi-index | 0.00 |
We investigate the security of two tweakable-blockcipher-based modes TBC and TAE proposed in [13]. Our results show that: (1) The TBC encryption mode, whether randomized or stateful, is secure in the sense of indistinguishability from random bits; (2) Theorem 3 in [13] is wrong. A simple counterexample against the authenticity of TAE is presented, which shows that the secure tweakable blockcipher against chosen plaintext attack is not sufficient for the security of the TAE mode.