Paper 2002/061
Strengthened Encryption in the CBC Mode
Vlastimil Klima and Tomas Rosa
Abstract
Vaudenay [1] has presented an attack on the CBC mode of block ciphers, which uses padding according to the PKCS#5 standard. One of the countermeasures, which he has assumed, consisted of the encryption of the message M´= M || padding || hash(M || padding) instead of the original M. This can increase the length of the message by several blocks compared with the present padding. Moreover, Wagner [1] showed a security weakness in this proposal. The next correction, which Vaudenay proposed ("A Fix Which May Work") has a general character and doesn't solve practical problems with the real cryptographic interfaces used in contemporary applications. In this article we propose three variants of the CBC mode. From the external point of view they behave the same as the present CBC mode with the PKCS#5 padding, but they prevent Vaudenay's attack.
Note: Minor change in references.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- block ciphersblock-cipher modesCBCside-channelmodes of operationPKCS#5 paddingimplementationcryptoAPI
- Contact author(s)
- vlastimil klima @ i cz
- History
- 2002-08-28: last of 3 revisions
- 2002-05-24: received
- See all versions
- Short URL
- https://ia.cr/2002/061
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2002/061, author = {Vlastimil Klima and Tomas Rosa}, title = {Strengthened Encryption in the {CBC} Mode}, howpublished = {Cryptology {ePrint} Archive, Paper 2002/061}, year = {2002}, url = {https://eprint.iacr.org/2002/061} }