Paper 2006/271

Modes of Encryption Secure against Blockwise-Adaptive Chosen-Plaintext Attack

Gregory V. Bard


Blockwise-adaptive chosen-plaintext and chosen-ciphertext attack are new models for cryptanalytic adversaries, first discovered by Joux, et al [JMV02], and describe a vulnerability in SSH discovered by Bellare, et al [BKN02]. Unlike traditional chosen-plaintext (CPA) or chosen-ciphertext (CCA) adversaries, the blockwise adversary can submit individual blocks for encryption or decryption rather than entire messages. This paper focuses on the search for on-line encryption schemes which are resistant to blockwise-adaptive chosen-plaintext attack. We prove that one oracle query with non-equal inputs is sufficient to win the blockwise-adaptive chosen-plaintext game if the game can be won by any adversary in ppt with non-negligible advantage. In order to uniformly describe such encryption schemes, we define a canonical representation of encryption schemes based on functions believed to be pseudorandom (i.e. Block Ciphers). This Canonical Form is general enough to cover many modes currently in use, including ECB, CBC, CTR, OFB, CFB, ABC, IGE, XCBC, HCBC and HPCBC. An immediate result of the theorems in this paper is that CTR, OFB, CFB, HCBC and HPCBC are proven secure against blockwise-adaptive CPA, as well as S-ABC under certain conditions. Conversely ECB, CBC, IGE, and P-ABC are proven to be blockwise-adaptive CPA insecure. Since CBC, IGE and P-ABC are chosen-plaintext secure, this indicates that the blockwise-adaptive chosen-plaintext model is a non-trivial extension of the traditional chosen-plaintext attack model.

Note: Suggestions welcome.

Available format(s)
Publication info
Published elsewhere. Submitted to a Conference. This is an improved version of what appeared at YACC'06.
Blockwise-Adaptive AttackEncryption SchemesChosen-Plaintext AttackModes of EncryptionCBCOFBCFBABCCTRInfinite Garble ExtensionHCBCHPCBCXCBC.
Contact author(s)
gregory bard @ ieee org
2006-08-18: revised
2006-08-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gregory V.  Bard},
      title = {Modes of Encryption Secure against Blockwise-Adaptive Chosen-Plaintext Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2006/271},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.