On the security bounds of CMC, EME, EME+ and EME* modes of operation

Authors:
Raphael C. -W. Phan;Bok-Min Goi
Affiliations:
Information Security Research (iSECURES) Lab, Swinburne University of Technology, Kuching, Malaysia;Centre for Cryptography and Information Security (CCIS), Faculty of Engineering, Multimedia University, Cyberjaya, Malaysia
Venue:
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Year:
2005

Citing 11
Cited 1

Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Tweakable Block Ciphers

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
How to Protect DES Against Exhaustive Key Search

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Multiple Modes of Operation

ASIACRYPT '94 Proceedings of the 4th International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
A Block-Cipher Mode of Operation for Parallelizable Message Authentication

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
On the Security of Double and 2-Key Triple Modes of Operation

FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards

CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
A simple power-analysis (SPA) attack on implementations of the AES key expansion

ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Cryptanalysis of the EMD mode of operation

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
EME*: extending EME to handle arbitrary-length messages with associated data

INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India

On Some Weaknesses in the Disk Encryption Schemes EME and EME2

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since 2002, variants of two tweakable block cipher modes of operation, CMC and EME, have been presented by Halevi and Rogaway that are suitable for encryption of disk sectors. In this paper, we show that the security bounds given in their proofs are tight, and hence complement the security proofs of the designers. In particular, we show how to distinguish the CMC, EME, EME+ and EME* modes from random tweakable permutations with negligible effort and 2n/2 chosen plaintexts, where n is the block size in bits. Further, we point out that both modes leak secret information via side-channel attacks (timing and power) due to the data-dependent internal multiplication operation.