Paper 2012/292

An Adaptive-Ciphertext Attack against "I $\oplus$ C" Block Cipher Modes With an Oracle

Jon Passki and Tom Ritter

Abstract

Certain block cipher confidentiality modes are susceptible to an adaptive chosen-ciphertext attack against the underlying format of the plaintext. When the application decrypts altered ciphertext and attempts to process the manipulated plaintext, it may disclose information about intermediate values, resulting in an oracle. In this paper we describe how to recognize and exploit such an oracle to decrypt ciphertext and to control the decryption so that it yields arbitrary plaintext. We also discuss ways to mitigate and remedy the issue.

Note: Revised to include references to some more work on the topic.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Personal and Company Websites
Keywords: block ciphers, block cipher modes, chosen ciphertext attack
Contact author(s): tom @ ritter vg
History:
2012-07-02: revised
2012-05-29: received
Short URL: https://ia.cr/2012/292
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2012/292,
      author = {Jon Passki and Tom Ritter},
      title = {An Adaptive-Ciphertext Attack against "I $\oplus$ C'' Block Cipher Modes With an Oracle},
      howpublished = {Cryptology ePrint Archive, Paper 2012/292},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/292}},
      url = {https://eprint.iacr.org/2012/292}
}