Cryptology ePrint Archive: Report 2002/061
Strengthened Encryption in the CBC Mode
Vlastimil Klima and Tomas Rosa
Abstract: Vaudenay  has presented an attack on the CBC mode of block ciphers, which uses padding according to the PKCS#5 standard. One of the countermeasures, which he has assumed, consisted of the encryption of the message Mī= M || padding || hash(M || padding) instead of the original M. This can increase the length of the message by several blocks compared with the present padding. Moreover, Wagner  showed a security weakness in this proposal. The next correction, which Vaudenay proposed ("A Fix Which May Work") has a general character and doesn't solve practical problems with the real cryptographic interfaces used in contemporary applications. In this article we propose three variants of the CBC mode. From the external point of view they behave the same as the present CBC mode with the PKCS#5 padding, but they prevent Vaudenay's attack.
Category / Keywords: secret-key cryptography / block ciphers, block-cipher modes, CBC, side-channel, modes of operation, PKCS#5 padding, implementation, cryptoAPI
Date: received 24 May 2002, last revised 28 Aug 2002
Contact author: vlastimil klima at i cz
Available format(s): PDF | BibTeX Citation
Note: Minor change in references.
Version: 20020828:123604 (All versions of this report)
Short URL: ia.cr/2002/061
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]