Paper 2018/1040

Cryptanalysis of OCB2

Akiko Inoue and Kazuhiko Minematsu

Abstract

We present practical attacks against OCB2, an ISO-standard authenticated encryption (AE) scheme. OCB2 is a highly-efficient blockcipher mode of operation. It has been extensively studied and widely believed to be secure thanks to the provable security proofs. Our attacks allow the adversary to create forgeries with single encryption query of almost-known plaintext. This attack can be further extended to powerful almost-universal and universal forgeries using more queries. The source of our attacks is the way OCB2 implements AE using a tweakable blockcipher, called XEX*. We have verified our attacks using a reference code of OCB2. Our attacks do not break the privacy of OCB2, and are not applicable to the others, including OCB1 and OCB3.

Note: Add a section of universal forgery attack.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
OCBAuthenticated EncryptionCryptanalysisForgeryXEX
Contact author(s)
k-minematsu @ ah jp nec com
History
2018-11-11: last of 2 revisions
2018-10-30: received
See all versions
Short URL
https://ia.cr/2018/1040
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1040,
      author = {Akiko Inoue and Kazuhiko Minematsu},
      title = {Cryptanalysis of OCB2},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1040},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1040}},
      url = {https://eprint.iacr.org/2018/1040}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.