
Cryptanalysis of the ANSI X9.52 CBCM Mode. (English) Zbl 0992.94029

Authors’ abstract: The CBCM mode is a variant of the Triple-DES (Data Encryption Standard) CBC (Cipher Block Chaining) encryption algorithm designed against powerful attacks that control intermediate feedback for the benefit of the attacker. For this purpose, it uses intermediate feedbacks that the attacker cannot control, choosing them as a keyed OFB (Output Feedback) stream, independent of the plaintexts and the ciphertexts.
This paper presents a way to use this kind of feedback for the benefit of the attacker, and an attack requiring a single chosen ciphertext of \(2^{65}\) blocks, which needs to be stored, and \(2^{59}\) complexity of analysis (CBCM encryptions) to find the key with a high probability.
The CBCM mode of operation had been a candidate for inclusion in the ANSI X9.52 standard for Triple-DES Modes of Operation before the publication of this paper’s result.
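The mode the abstract describes, as an added illustration (not code from the paper or from the ANSI draft): Triple-DES CBC in which a keyed OFB stream M_i = E_K3(M_{i-1}) is XORed into both intermediate values, following the structure of the Coppersmith-Johnson-Matyas proposal, which is assumed here. Also assumed are three independent 8-byte single-DES keys K1, K2, K3, 8-byte IVs iv1 (CBC chain) and iv2 (mask seed), and the names cbcmMode, newCBCM and crypt.

```go
package main

import "crypto/cipher"
import "crypto/des"
import "crypto/subtle"
// cbcmMode: Triple-DES CBCM with the structure of the Coppersmith-Johnson-Matyas
// proposal (assumed here; an added illustration, not the paper's code). M_0 = iv2,
// C_0 = iv1, M_i = E_K3(M_{i-1}), C_i = E_K1(M_i ^ D_K2(M_i ^ E_K1(P_i ^ C_{i-1}))).
type cbcmMode struct{ k1, k2, k3 cipher.Block }
func newCBCM(k1, k2, k3 []byte) (*cbcmMode, error) {
	var b [3]cipher.Block
	for i, k := range [][]byte{k1, k2, k3} {
		c, err := des.NewCipher(k) // three independent 8-byte single-DES keys
		if err != nil {
			return nil, err
		}
		b[i] = c
	}
	return &cbcmMode{b[0], b[1], b[2]}, nil
}
// crypt maps whole 8-byte blocks into a fresh slice; the mask stream depends only on
// K3 and iv2, never on the data, which is what the paper's attack turns against it.
func (m *cbcmMode) crypt(src, iv1, iv2 []byte, decrypt bool) []byte {
	outer, middle := m.k1.Encrypt, m.k2.Decrypt // E_K1 and D_K2 when encrypting
	if decrypt {
		outer, middle = m.k1.Decrypt, m.k2.Encrypt // mirror image when decrypting
	}
	dst := make([]byte, len(src)/8*8)
	chain, mask := append([]byte(nil), iv1...), append([]byte(nil), iv2...)
	for off := 0; off < len(dst); off += 8 {
		m.k3.Encrypt(mask, mask) // advance the OFB mask: M_i = E_K3(M_{i-1})
		in, out := src[off:off+8], dst[off:off+8]
		copy(out, in)
		if !decrypt {
			subtle.XORBytes(out, out, chain) // CBC: XOR previous ciphertext into P_i
		}
		outer(out, out)
		subtle.XORBytes(out, out, mask) // mask the two values between the stages
		middle(out, out)
		subtle.XORBytes(out, out, mask)
		outer(out, out)
		if decrypt {
			subtle.XORBytes(out, out, chain) // undo the encryptor's CBC XOR
			copy(chain, in)                  // the ciphertext block is the next chain
		} else {
			copy(chain, out)
		}
	}
	return dst
}
```

A trailing partial block is dropped rather than padded, so callers must pad to a multiple of 8 bytes themselves.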

MSC:

94A60 Cryptography
68P25 Data encryption (aspects in computer science)
