Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Multiple Modes of Operation
ASIACRYPT '94 Proceedings of the 4th International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
On the Security of Double and 2-Key Triple Modes of Operation
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Optimized Self-Synchronizing Mode of Operation
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Hummingbird: ultra-lightweight cryptography for resource-constrained devices
FC'10 Proceedings of the 14th international conference on Financial cryptography and data security
Related-mode attacks on block cipher modes of operation
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
Padding oracle attacks on multiple modes of operation
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
In a paper cryptanalyzing many triple modes of operation, Biham proposed four new triple modes and five new quadruple modes of operation for DES. It was conjectured that the complexity (in a particular threat model) of breaking the triple modes is at least 2^112, and that the quadruple modes are more secure than any triple mode. We present new attacks on all but one of the proposed modes. We can break all but two of Biham's proposed modes with at most 2^56 off-line trial encryptions and between 2 and 2^32 (depending upon the mode) chosen-IV chosen texts; another mode can be broken with somewhat more work. This raises questions about the suitability of the proposed modes, and provides further evidence for the fragility of inner chaining; however, we emphasize that our results do not disprove Biham's conjectures, since we rely on an extended attack model which admits more powerful adversaries who can mount chosen-IV queries, a capability denied to them in Biham's model.
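The abstract's cost accounting (a handful of chosen-IV chosen texts, then an off-line search over a single layer's key space) rests on one mechanism: an adversary who picks the IVs can fix every chaining input, so the first block of a chained multiple mode degenerates into plain multiple encryption of a block the adversary chose. The following Python is an added illustration of that mechanism at toy scale; it is not code from the paper, it does not reproduce any of Biham's modes, and it makes no claim about which modes fall to it. Everything in it is assumed for the example: a constructed 16-bit Feistel cipher (`toy_encrypt`, `toy_decrypt`, with its own toy key schedule) standing in for DES so the exhaustive searches finish instantly, a two-layer CBC|CBC construction (`cbc_cbc_encrypt`) as the chained mode, and a meet-in-the-middle search (`meet_in_the_middle`) as the off-line step.

```python
# Added illustration, not code from the paper or from Biham's constructions:
# chosen-IV queries cancel the chaining in a two-layer CBC|CBC mode, turning
# its first ciphertext block into plain double encryption of an attacker-chosen
# block; an off-line meet-in-the-middle search then recovers both layer keys.
# The block cipher is a constructed 16-bit toy Feistel cipher (assumption: it
# stands in for DES only so the searches run in seconds).


def _round_function(x, rk):
    """Toy 8-bit round function: XOR the round key, affine map, rotate left 3."""
    x = (x ^ rk) & 0xFF
    x = (x * 167 + 13) & 0xFF
    return ((x << 3) | (x >> 5)) & 0xFF


def _round_keys(key):
    """Four 8-bit round keys from a 16-bit key (toy schedule; rk0 and rk1
    are the raw key halves, so distinct keys always get distinct schedules)."""
    lo, hi = key & 0xFF, key >> 8
    return [lo, hi, (lo ^ ((hi << 1) | (hi >> 7)) ^ 0x5B) & 0xFF, ((lo + hi) ^ 0xA7) & 0xFF]


def toy_encrypt(key, block):
    """4-round Feistel encryption of a 16-bit block under a 16-bit key."""
    left, right = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        left, right = right, left ^ _round_function(right, rk)
    return (left << 8) | right


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo the Feistel rounds in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _round_function(left, rk), left
    return (left << 8) | right


def cbc_encrypt(key, iv, blocks):
    """Standard CBC encryption over a list of 16-bit blocks."""
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt(key, p ^ prev)
        out.append(prev)
    return out


def cbc_cbc_encrypt(k1, k2, iv1, iv2, blocks):
    """Two-layer CBC|CBC: the inner CBC output feeds the outer CBC."""
    return cbc_encrypt(k2, iv2, cbc_encrypt(k1, iv1, blocks))


def chosen_iv_double_encryption_pairs(oracle, xs):
    """Chosen-IV, chosen-text queries against a CBC|CBC encryption oracle.

    With both IVs fixed to 0 and a single-block message x, the first
    ciphertext block is E_k2(E_k1(x ^ 0) ^ 0) = E_k2(E_k1(x)): the chaining
    is cancelled and the oracle answers plain double-encryption queries.
    Returns one (x, y) pair per query.
    """
    return [(x, oracle(iv1=0, iv2=0, blocks=[x])[0]) for x in xs]


def meet_in_the_middle(pairs):
    """Off-line MITM on double encryption: about 2 * 2^16 toy trial
    encryptions instead of the 2^32 a joint search over both keys needs.
    Extra pairs filter the ~2^16 chance matches on the first pair."""
    x0, y0 = pairs[0]
    table = {}
    for k1 in range(1 << 16):
        table.setdefault(toy_encrypt(k1, x0), []).append(k1)
    candidates = []
    for k2 in range(1 << 16):
        for k1 in table.get(toy_decrypt(k2, y0), []):
            if all(toy_encrypt(k2, toy_encrypt(k1, x)) == y for x, y in pairs[1:]):
                candidates.append((k1, k2))
    return candidates


def recover_layer_keys(k1, k2):
    """End to end: 3 chosen-IV single-block queries, then the off-line search.
    The chosen plaintext blocks are arbitrary constructed values."""
    oracle = lambda iv1, iv2, blocks: cbc_cbc_encrypt(k1, k2, iv1, iv2, blocks)
    pairs = chosen_iv_double_encryption_pairs(oracle, [0x1234, 0xBEEF, 0x0F0F])
    return meet_in_the_middle(pairs)


if __name__ == "__main__":
    print(recover_layer_keys(0x3C7A, 0xA5E1))  # expected: [(0x3C7A, 0xA5E1)]
```

Three chosen-IV single-block queries and roughly 2^17 toy trial encryptions recover both 16-bit layer keys; the analogous accounting for a 56-bit key is what the abstract's "2 to 2^32 chosen-IV chosen texts" and "at most 2^56 off-line trial encryptions" figures express. The point of the toy is only the first step: whoever controls the IVs controls the chaining inputs, which is why inner chaining buys less than it appears to once chosen-IV queries are admitted.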