Cryptology ePrint Archive: Report 2012/292
An Adaptive-Ciphertext Attack against "I $\oplus$ C'' Block Cipher Modes With an Oracle
Jon Passki and Tom Ritter
Abstract: Certain block cipher confidentiality modes are susceptible to an adaptive chosen-ciphertext attack against the underlying format of the plaintext. When the application decrypts altered ciphertext and attempts to process the manipulated plaintext, it may disclose information about intermediate values resulting in an oracle. In this paper we describe how to recognize and exploit such an oracle to decrypt ciphertext and control the decryption to result in arbitrary plaintext. We also discuss ways to mitigate and remedy the issue.
Category / Keywords: secret-key cryptography / block ciphers, block cipher modes, chosen ciphertext attack
Publication Info: Personal and Company Websites
Date: received 25 May 2012, last revised 1 Jul 2012
Contact author: tom at ritter vg
Available format(s): PDF | BibTeX Citation
Note: Revised to include references to some more work on the topic.
Version: 20120702:000246 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]