Cryptology ePrint Archive: Report 2018/1090

Plaintext Recovery Attack of OCB2

Tetsu Iwata

Abstract: Inoue and Minematsu [Cryptology ePrint Archive: Report 2018/1040] presented efficient forgery attacks against OCB2, and Poettering [Cryptology ePrint Archive: Report 2018/1087] presented a distinguishing attack. In this short note, based on these results, we show a plaintext recovery attack against OCB2 in the chosen plaintext and ciphertext setting. We also show that the decryption oracle of the underlying block cipher can be simulated. This complements the simulation of the encryption oracle of the block cipher by Poettering in [Cryptology ePrint Archive: Report 2018/1087].

Category / Keywords: secret-key cryptography / OCB2, plaintext recovery attack, chosen plaintext and ciphertext setting

Date: received 11 Nov 2018, last revised 21 Mar 2019

Contact author: tetsu iwata at nagoya-u jp

Available format(s): PDF | BibTeX Citation

Note: See [Cryptology ePrint Archive: Report 2019/311] that appeared on March 20, 2019, which is a joint report that includes the findings of [Cryptology ePrint Archive: Report 2018/1040] (by Inoue and Minematsu), [Cryptology ePrint Archive: Report 2018/1087] (by Poettering), and this report.

Version: 20190321:071804 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]