Cryptology ePrint Archive: Report 2012/292

An Adaptive-Ciphertext Attack against "I $\oplus$ C'' Block Cipher Modes With an Oracle

Jon Passki and Tom Ritter

Abstract: Certain block cipher confidentiality modes are susceptible to an adaptive chosen-ciphertext attack against the underlying format of the plaintext. When the application decrypts altered ciphertext and attempts to process the manipulated plaintext, it may disclose information about intermediate values resulting in an oracle. In this paper we describe how to recognize and exploit such an oracle to decrypt ciphertext and control the decryption to result in arbitrary plaintext. We also discuss ways to mitigate and remedy the issue.

Category / Keywords: secret-key cryptography / block ciphers, block cipher modes, chosen ciphertext attack

Publication Info: Personal and Company Websites

Date: received 25 May 2012, last revised 1 Jul 2012

Contact author: tom at ritter vg

Available format(s): PDF | BibTeX Citation

Note: Revised to include references to some more work on the topic.

Version: 20120702:000246 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]