Paper 2018/1087

Breaking the confidentiality of OCB2

Bertram Poettering

Abstract

OCB2 is a widely standardized mode of operation of a blockcipher that aims at providing authenticated encryption. A recent report by Inoue and Minematsu (IACR EPRINT report 2018/1040) indicates that OCB2 does not meet this goal. Concretely, by describing simple forging attacks the authors evidence that the (sub)goal of authenticity is not reached. The report does not question the confidentiality offered by OCB2. In this note we show how the attacks of Inoue and Minematsu can be extended to also break the confidentiality of OCB2. We do this by constructing both IND-CCA and plaintext recovering adversaries, all of which require minimal resources and achieve overwhelming success rates.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
OCB2confidentialityattackAEAD
Contact author(s)
bertram poettering @ rhul ac uk
History
2019-03-20: last of 4 revisions
2018-11-09: received
See all versions
Short URL
https://ia.cr/2018/1087
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1087,
      author = {Bertram Poettering},
      title = {Breaking the confidentiality of OCB2},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1087},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1087}},
      url = {https://eprint.iacr.org/2018/1087}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.