Cryptology ePrint Archive: Report 2007/385

On the insecurity of interchanged use of OFB and CBC modes of operation

Danilo Gligoroski

Abstract: The security of interchanged use of modes of operation of block ciphers have not been discussed in the public literature. So far, the modes of operation of block ciphers have been treated as completely independent and uncorrelated. In this paper we represent both CBC and OFB as quasigroup string transformations, and then show that OFB mode is a special case of the CBC mode of operation. That raise possibilities for construction of several devastating attack scenarios against that interchanged use of CBC and OFB. These attacks have not been addressed in NIST Special Publication 800-38A 2001, ``Recommendation for Block Cipher Modes of Operation''. More specifically, in the chosen plaintext attack scenario with interchanged use of CBC and OFB mode, we give a concrete list of openssl commands that extract the complete plaintext without knowing the secret key.

Category / Keywords: secret-key cryptography / block ciphers, modes of operation, quasigroup string transformations

Date: received 29 Sep 2007

Contact author: Danilo Gligoroski at q2s ntnu no

Available format(s): PDF | BibTeX Citation

Version: 20071004:124836 (All versions of this report)

Short URL: ia.cr/2007/385

Discussion forum: Show discussion | Start new discussion