Cryptanalysis of the ANSI X9.52 CBCM mode |
| |
Authors: | Eli Biham, Lars R. Knudsen |
| |
Affiliation: | (1) Computer Science Department, Technion — Israel Institute of Technology, Haifa 32000, Israel, biham@cs.technion.ac.il, http://www.cs.technion.ac.il/~biham/, IL; (2) Department of Informatics, University of Bergen, Hi-techcenter, N-5020 Bergen, Norway, lars@ramkilde.com, http://www.ramkilde.com, NO |
| |
Abstract: | In this paper we cryptanalyze the CBCM mode of operation, which was almost included in the ANSI X9.52 Triple-DES Modes of
Operation standard. The CBCM mode is a Triple-DES CBC variant which was designed against powerful attacks which control intermediate
feedback for the benefit of the attacker. For this purpose, it uses intermediate feedbacks that the attacker cannot control,
choosing them as a keyed OFB stream, independent of the plaintexts and the ciphertexts. In this paper we find a way to use
even this kind of feedback for the benefit of the attacker, and we present an attack which requires a single chosen ciphertext
of $2^{65}$ blocks which needs to be stored and $2^{59}$ complexity of analysis (CBCM encryptions) to find the key with a high probability. As a consequence of our attack, ANSI
decided to remove the CBCM mode from the proposed standard.
Received May 1998 and revised June 2001. Online publication 28 November 2001. |
| |
Keywords: | Cryptanalysis, ANSI X9.52, Modes of operation, CBCM mode, Triple-DES, Multiple encryption. |
This document has been indexed by SpringerLink and other databases. |
|