Paper 2007/385

On the insecurity of interchanged use of OFB and CBC modes of operation

Danilo Gligoroski

Abstract

The security of interchanged use of modes of operation of block ciphers has not been discussed in the public literature. So far, the modes of operation of block ciphers have been treated as completely independent and uncorrelated. In this paper we represent both CBC and OFB as quasigroup string transformations, and then show that the OFB mode is a special case of the CBC mode of operation. That raises possibilities for the construction of several devastating attack scenarios against the interchanged use of CBC and OFB. These attacks have not been addressed in NIST Special Publication 800-38A 2001, ``Recommendation for Block Cipher Modes of Operation''. More specifically, in the chosen plaintext attack scenario with interchanged use of CBC and OFB mode, we give a concrete list of openssl commands that extract the complete plaintext without knowing the secret key.
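The structural relationship the abstract refers to can be seen directly from the mode definitions: the OFB keystream O_1 = E_K(IV), O_2 = E_K(O_1), ... is exactly the CBC encryption of an all-zero message under the same key and IV, since CBC computes C_1 = E_K(0 XOR IV) and C_i = E_K(0 XOR C_{i-1}). The example below is an added illustration, not code from the paper, and is independent of the underlying block cipher. It uses a constructed toy Feistel permutation as a stand-in for the block cipher (any E_K gives the same identity) and shows why a key/IV pair must never be shared between OFB and CBC: a CBC encryption of zeros reveals the whole OFB keystream.

```python
import hashlib

BLOCK = 16  # block size in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Constructed 4-round Feistel permutation used as a stand-in for a real
    # block cipher such as AES. It is a bijection on 16-byte blocks, which is
    # all the mode identity below needs; it is NOT a secure cipher.
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example assumes whole blocks, no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(enc, key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: C_i = E_K(P_i XOR C_{i-1}), with C_0 = IV.
    prev, out = iv, b""
    for p in blocks(plaintext):
        prev = enc(key, xor(p, prev))
        out += prev
    return out


def ofb_encrypt(enc, key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # OFB: O_i = E_K(O_{i-1}), O_0 = IV; C_i = P_i XOR O_i.
    o, out = iv, b""
    for p in blocks(plaintext):
        o = enc(key, o)
        out += xor(p, o)
    return out


def ofb_keystream_from_cbc(enc, key: bytes, iv: bytes, nblocks: int) -> bytes:
    # The OFB keystream is the CBC ciphertext of an all-zero message:
    # this is the "OFB is a special case of CBC" observation.
    return cbc_encrypt(enc, key, iv, bytes(BLOCK * nblocks))


def recover_ofb_plaintext(cbc_oracle, iv: bytes, ofb_ciphertext: bytes) -> bytes:
    # Demonstrates the risk: an oracle that CBC-encrypts chosen plaintext under
    # the same key/IV yields the keystream, so the OFB ciphertext falls without
    # the key. Mitigation: never share a (key, IV) pair across modes.
    zeros = bytes(len(ofb_ciphertext))
    keystream = cbc_oracle(iv, zeros)
    return xor(ofb_ciphertext, keystream)


def demo() -> dict:
    # Constructed sample key, IV and message (two whole blocks).
    key = b"example-key-0000"
    iv = bytes(range(16))
    message = b"two whole blocks" + b"of sample text!!"

    ofb_ct = ofb_encrypt(toy_block_encrypt, key, iv, message)
    keystream = ofb_keystream_from_cbc(toy_block_encrypt, key, iv, 2)

    def cbc_oracle(iv_, pt):
        return cbc_encrypt(toy_block_encrypt, key, iv_, pt)

    recovered = recover_ofb_plaintext(cbc_oracle, iv, ofb_ct)
    return {
        "keystream_matches": xor(ofb_ct, keystream) == message,
        "recovered": recovered,
        "message": message,
    }


if __name__ == "__main__":
    result = demo()
    print("OFB keystream == CBC(zeros):", result["keystream_matches"])
    print("recovered plaintext:", result["recovered"])
```

The identity holds for any block cipher because both modes feed the previous output block back into E_K; CBC merely XORs the plaintext in first, and an all-zero plaintext makes that XOR vanish. The defensive takeaway is the same as for nonce reuse in any stream-like mode: key and IV together must be unique per message and per mode.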

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Keywords: block ciphers, modes of operation, quasigroup string transformations
Contact author(s): Danilo Gligoroski @ q2s ntnu no
History: 2007-10-04: received
Short URL: https://ia.cr/2007/385
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2007/385,
      author = {Danilo Gligoroski},
      title = {On the insecurity of interchanged use of {OFB} and {CBC} modes of operation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/385},
      year = {2007},
      url = {https://eprint.iacr.org/2007/385}
}