Paper 2002/061

Strengthened Encryption in the CBC Mode

Vlastimil Klima and Tomas Rosa

Abstract

Vaudenay [1] has presented an attack on the CBC mode of block ciphers, which uses padding according to the PKCS#5 standard. One of the countermeasures, which he has assumed, consisted of the encryption of the message M´= M || padding || hash(M || padding) instead of the original M. This can increase the length of the message by several blocks compared with the present padding. Moreover, Wagner [1] showed a security weakness in this proposal. The next correction, which Vaudenay proposed ("A Fix Which May Work") has a general character and doesn't solve practical problems with the real cryptographic interfaces used in contemporary applications. In this article we propose three variants of the CBC mode. From the external point of view they behave the same as the present CBC mode with the PKCS#5 padding, but they prevent Vaudenay's attack.

Note: Minor change in references.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
block ciphersblock-cipher modesCBCside-channelmodes of operationPKCS#5 paddingimplementationcryptoAPI
Contact author(s)
vlastimil klima @ i cz
History
2002-08-28: last of 3 revisions
2002-05-24: received
See all versions
Short URL
https://ia.cr/2002/061
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2002/061,
      author = {Vlastimil Klima and Tomas Rosa},
      title = {Strengthened Encryption in the {CBC} Mode},
      howpublished = {Cryptology {ePrint} Archive, Paper 2002/061},
      year = {2002},
      url = {https://eprint.iacr.org/2002/061}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.