Cryptology ePrint Archive: Report 2006/271

Modes of Encryption Secure against Blockwise-Adaptive Chosen-Plaintext Attack

Gregory V. Bard

Abstract: Blockwise-adaptive chosen-plaintext and chosen-ciphertext attack are new models for cryptanalytic adversaries, first discovered by Joux, et al [JMV02], and describe a vulnerability in SSH discovered by Bellare, et al [BKN02]. Unlike traditional chosen-plaintext (CPA) or chosen-ciphertext (CCA) adversaries, the blockwise adversary can submit individual blocks for encryption or decryption rather than entire messages. This paper focuses on the search for on-line encryption schemes which are resistant to blockwise-adaptive chosen-plaintext attack. We prove that one oracle query with non-equal inputs is sufficient to win the blockwise-adaptive chosen-plaintext game if the game can be won by any adversary in ppt with non-negligible advantage.

In order to uniformly describe such encryption schemes, we define a canonical representation of encryption schemes based on functions believed to be pseudorandom (i.e. Block Ciphers). This Canonical Form is general enough to cover many modes currently in use, including ECB, CBC, CTR, OFB, CFB, ABC, IGE, XCBC, HCBC and HPCBC. An immediate result of the theorems in this paper is that CTR, OFB, CFB, HCBC and HPCBC are proven secure against blockwise-adaptive CPA, as well as S-ABC under certain conditions. Conversely ECB, CBC, IGE, and P-ABC are proven to be blockwise-adaptive CPA insecure. Since CBC, IGE and P-ABC are chosen-plaintext secure, this indicates that the blockwise-adaptive chosen-plaintext model is a non-trivial extension of the traditional chosen-plaintext attack model.

Category / Keywords: foundations / Blockwise-Adaptive Attack, Encryption Schemes, Chosen-Plaintext Attack, Modes of Encryption, CBC, OFB, CFB, ABC, CTR, Infinite Garble Extension, HCBC, HPCBC, XCBC.

Publication Info: Submitted to a Conference. This is an improved version of what appeared at YACC'06.

Date: received 13 Aug 2006, last revised 17 Aug 2006

Contact author: gregory bard at ieee org

Available format(s): PDF | BibTeX Citation

Note: Suggestions welcome.

Version: 20060818:012201 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]