Abstract
The PCBC block cipher mode of operation has many variants, of which one, due to Meyer and Matyas, dates back over 20 years. Whilst a particularly simple variant of PCBC has long been known to be very weak when used for data integrity protection, the Meyer-Matyas variant has not previously been attacked. In this paper we cryptanalyse this mode, and show that it possesses a serious weakness when used for data integrity protection. Specifically, we show how to construct an existential forgery using only a single known ciphertext message and a modest amount of known plaintext (this could be as little as three plaintext blocks). We also describe a ciphertext-only existential forgery attack against another, recently proposed, PCBC-variant called M-PCBC.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Bellare, M., Kohno, T., Namprempre, C.: Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the encode-then-encrypt and- MAC paradigm. ACM Transactions on Information and System Security 7, 206–241 (2004)
Black, J., Urtubia, H.: Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, August 5-9, pp. 327–338. USENIX (2002)
Canvel, B., Hiltgen, A., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL/TLS channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583–599. Springer, Heidelberg (2003)
Paterson, K.G., Yau, A.: Padding oracle attacks on the ISO CBC mode padding standard. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 305–323. Springer, Heidelberg (2004)
Vaudenay, S.: Security flaws induced by CBC padding — Applications to SSL, IPSEC,WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002)
Rogaway, P., Bellare, M., Black, J.: OCB: A block-cipher mode of operation for efficient authenticated encryption. ACM Transactions on Information and System Security 6, 365–403 (2003)
Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004)
National Institute of Standards and Technology (NIST): NIST Special Publication 800-38C, Draft Recommendation for Block Cipher Modes of Operation: The CCM Mode For Authentication and Confidentiality (2003)
Whiting, D., Housley, R., Ferguson, N.: RFC 3610, Counter with CBC-MAC (CCM). Internet Engineering Task Force (2003)
International Organization for Standardization Genève, Switzerland: ISO/IEC WD 19772: 2004, Information technology — Security techniques — Authenticated encryption mechanisms (2004)
Dent, A.W., Mitchell, C.J.: User’s Guide to Cryptography and Standards. Artech House, Norwood (2005)
Sierra, J.M., Hernandez, J.C., Jayaram, N., Ribagorda, A.: Low computational cost integrity for block ciphers. Future Generation Computer Systems 20, 857–863 (2004)
Meyer, C.H., Matyas, S.M.: Cryptography: A new dimension in computer data security. John Wiley and Sons, New York (1982)
Kohl, J.T.: The use of encryption in Kerberos for network authentication. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 35–43. Springer, Heidelberg (1990)
Steiner, J., Neuman, C., Schiller, J.: Kerberos: an authentication service for open network systems. In: Proceedings: Usenix Association, Winter Conference, Dallas 1988, USENIX Association, Berkeley, California, pp. 191–202 (1988)
Gligor, V.G., Donescu, P.: Integrity-aware PCBC encryption schemes. In: Malcolm, J.A., Christianson, B., Crispo, B., Roe, M. (eds.) Security Protocols 1999. LNCS, vol. 1796, pp. 153–171. Springer, Heidelberg (2000)
Ferguson, N., Whiting, D., Kelsey, J., Wagner, D.: Critical weaknesses of iaPCBC (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mitchell, C.J. (2005). Cryptanalysis of Two Variants of PCBC Mode When Used for Message Integrity. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_47
Download citation
DOI: https://doi.org/10.1007/11506157_47
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26547-4
Online ISBN: 978-3-540-31684-8
eBook Packages: Computer ScienceComputer Science (R0)