Paper 2015/059

Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation

Alexandra Boldyreva, Jean Paul Degabriele, Kenneth G. Paterson, and Martijn Stam


In recent years, a number of standardized symmetric encryption schemes have fallen foul of attacks exploiting the fact that in some real world scenarios ciphertexts can be delivered in a fragmented fashion. We initiate the first general and formal study of the security of symmetric encryption against such attacks. We extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for the fragmented setting. We also develop security models to formalize the additional desirable properties of ciphertext boundary hiding and robustness against Denial-of-Service (DoS) attacks for schemes in this setting. We illustrate the utility of each of our models via efficient constructions for schemes using only standard cryptographic components, including constructions that simultaneously achieve confidentiality, ciphertext boundary hiding and DoS robustness.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. MAJOR revision.EUROCRYPT 2012
ciphertext fragmentationboundary hidingdenial of serviceInterMACauthenticated encryption
Contact author(s)
jpdega @ gmail com
2015-02-17: last of 3 revisions
2015-01-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alexandra Boldyreva and Jean Paul Degabriele and Kenneth G.  Paterson and Martijn Stam},
      title = {Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation},
      howpublished = {Cryptology ePrint Archive, Paper 2015/059},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.