Cryptology ePrint Archive: Report 2002/061

Strengthened Encryption in the CBC Mode

Vlastimil Klima and Tomas Rosa

Abstract: Vaudenay [1] has presented an attack on the CBC mode of block ciphers, which uses padding according to the PKCS#5 standard. One of the countermeasures, which he has assumed, consisted of the encryption of the message Mī= M || padding || hash(M || padding) instead of the original M. This can increase the length of the message by several blocks compared with the present padding. Moreover, Wagner [1] showed a security weakness in this proposal. The next correction, which Vaudenay proposed ("A Fix Which May Work") has a general character and doesn't solve practical problems with the real cryptographic interfaces used in contemporary applications. In this article we propose three variants of the CBC mode. From the external point of view they behave the same as the present CBC mode with the PKCS#5 padding, but they prevent Vaudenay's attack.

Category / Keywords: secret-key cryptography / block ciphers, block-cipher modes, CBC, side-channel, modes of operation, PKCS#5 padding, implementation, cryptoAPI

Date: received 24 May 2002, last revised 28 Aug 2002

Contact author: vlastimil klima at i cz

Available format(s): PDF | BibTeX Citation

Note: Minor change in references.

Version: 20020828:123604 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]