Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers

Deukjo Hong; Seokhie Hong; Wonil Lee; Sangjin Lee; Jongin Lim; Jaechul Sung; Okyeon Yi

doi:10.1007/s00145-006-0205-3

Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers

Deukjo Hong, Seokhie Hong, Wonil Lee, Sangjin Lee, Jongin Lim, Jaechul Sung, Okyeon Yi

Research output: Contribution to journal › Article › peer-review

Abstract

Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values; known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation requires 3-7 blocks of plaintexts (or ciphertexts) and 3 • 2⁵⁶-9 • 2⁵⁶ encryptions. We also give the attacks on multiple modes proposed by Biham.

Original language	English
Pages (from-to)	441-462
Number of pages	22
Journal	Journal of Cryptology
Volume	19
Issue number	4
DOIs	https://doi.org/10.1007/s00145-006-0205-3
Publication status	Published - 2006 Oct

Keywords

Block ciphers
Cryptanalysis
Known-IV attacks
Knownin- advance-IV attacks
Multiple modes of operation
Replayed-and-known-IV attacks

ASJC Scopus subject areas

Software
Computer Science Applications
Applied Mathematics

Access to Document

10.1007/s00145-006-0205-3

Cite this

@article{576919b5c3fb46a4ad1609997e8848d2,

title = "Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers",

abstract = "Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values; known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation requires 3-7 blocks of plaintexts (or ciphertexts) and 3 • 256-9 • 256 encryptions. We also give the attacks on multiple modes proposed by Biham.",

keywords = "Block ciphers, Cryptanalysis, Known-IV attacks, Knownin- advance-IV attacks, Multiple modes of operation, Replayed-and-known-IV attacks",

author = "Deukjo Hong and Seokhie Hong and Wonil Lee and Sangjin Lee and Jongin Lim and Jaechul Sung and Okyeon Yi",

year = "2006",

month = oct,

doi = "10.1007/s00145-006-0205-3",

language = "English",

volume = "19",

pages = "441--462",

journal = "Journal of Cryptology",

issn = "0933-2790",

publisher = "Springer New York",

number = "4",

}

TY - JOUR

T1 - Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers

AU - Hong, Deukjo

AU - Hong, Seokhie

AU - Lee, Wonil

AU - Lee, Sangjin

AU - Lim, Jongin

AU - Sung, Jaechul

AU - Yi, Okyeon

PY - 2006/10

Y1 - 2006/10

N2 - Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values; known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation requires 3-7 blocks of plaintexts (or ciphertexts) and 3 • 256-9 • 256 encryptions. We also give the attacks on multiple modes proposed by Biham.

AB - Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values; known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation requires 3-7 blocks of plaintexts (or ciphertexts) and 3 • 256-9 • 256 encryptions. We also give the attacks on multiple modes proposed by Biham.

KW - Block ciphers

KW - Cryptanalysis

KW - Known-IV attacks

KW - Knownin- advance-IV attacks

KW - Multiple modes of operation

KW - Replayed-and-known-IV attacks

UR - http://www.scopus.com/inward/record.url?scp=33749562733&partnerID=8YFLogxK

U2 - 10.1007/s00145-006-0205-3

DO - 10.1007/s00145-006-0205-3

M3 - Article

AN - SCOPUS:33749562733

SN - 0933-2790

VL - 19

SP - 441

EP - 462

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 4

ER -

Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this