Paper 2022/236

Characterizing the qIND-qCPA (in)security of the CBC, CFB, OFB and CTR modes of operation

Abstract

We fully characterize the post-quantum security of the \(\mathsf{CBC}\), \(\mathsf{CFB}\), \(\mathsf{OFB}\) and \(\mathsf{CTR}\) modes of operation by considering all possible notions of \(\textsf{qIND-qCPA}\) security defined by Carstens, Ebrahimi, Tabia and Unruh (TCC 2021), thus extending the work performed by Anand, Targhi, Tabia and Unruh (PQCrypto 2016). We show that the results obtained by Anand et al. for the \(\textsf{qIND-qCPA-P6}\) security of these modes carry on to the other \(\textsf{IND-qCPA}\) notions, namely the \(\textsf{qIND-qCPA-P10}\) and \(\textsf{qIND-qCPA-P11}\) ones. We also show that all of these modes are insecure according to all of the other notions, regardless of the block cipher they are used with. We also provide two general results concerning the insecurity of commonly used properties of block ciphers, namely those preserving the length of their input and those using the \(\texttt{XOR}\) operation as a way to randomize the encryption. Finally, we use these results to highlight the need for new quantum semantic security notions.

Note: The previous proof concerning the qIND-qCPA-P5 security of CBC was wrong. It has been corrected to show its qIND-qCPA-P13 insecurity. A general result about the qIND-qCPA-P5 of certain schemes has also been added.