[Resource Topic] 2012/623: Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes

Welcome to the resource topic for 2012/623

Title:
Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes

Authors: David McGrew

Abstract:

The block cipher modes of operation that are widely used (CBC, CTR, CFB) are secure up to the birthday bound; that is, if $w\,2^{w/2}$ or fewer bits of data are encrypted with a w-bit block cipher. However, the detailed security properties close to this bound are not widely appreciated, despite the fact that 64-bit block ciphers are sometimes used in that domain. This work addresses the issue by analyzing plaintext-recovery attacks that are effective close to that bound. We describe probable-plaintext attacks, which can learn unknown plaintext values that are encrypted with CBC, CFB, or OFB. We also introduce *impossible plaintext* cryptanalysis, which can recover information encrypted with CTR, and can improve attacks against the aforementioned modes as well. These attacks work at the birthday bound, or even slightly below that bound, when the target plaintext values are encrypted under a succession of keys.
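The two effects the abstract describes can be reproduced at small scale. The following script is an added example written for this topic, not code from the paper or its author: it builds a toy w-bit Feistel permutation (constructed, not a real cipher) so the birthday bound is reachable in seconds, then shows (a) why a repeated CBC ciphertext block leaks the XOR of two plaintext blocks, which turns a probable plaintext into a recovered one, and (b) the impossible-plaintext observation for CTR, where distinct keystream blocks rule candidate values out until, in the extreme case of a fully used codebook, only the true value survives. The key, seed, block widths and plaintexts are all constructed; `expected_collisions` and `birthday_bound_bits` are helper names chosen here to quantify the abstract's $w\,2^{w/2}$ figure for a real 64-bit cipher.

```python
"""Birthday-bound leakage in CBC and impossible-plaintext elimination in CTR,
demonstrated with a scaled-down w-bit toy block cipher (example code, not from
the paper). All keys, seeds, widths and plaintexts below are constructed."""
import hashlib
import random
import struct

W_CBC = 32           # toy width for the CBC demo; birthday bound is 2^16 blocks
N_CBC = 2 ** 18      # well past that bound: ~8 expected ciphertext collisions
W_CTR = 16           # toy width for the CTR demo; 2^16 blocks use the whole codebook


def _round_fn(key: bytes, r: int, half: int, hb: int) -> int:
    """Keyed PRF for Feistel round r, truncated to hb bits (constructed)."""
    d = hashlib.blake2b(struct.pack(">IQ", r, half), key=key, digest_size=8).digest()
    return int.from_bytes(d, "big") & ((1 << hb) - 1)


def toy_encrypt(key: bytes, block: int, w: int, rounds: int = 4) -> int:
    """Balanced Feistel network on w-bit blocks. A Feistel network is a permutation
    for any round function, and that permutation property is all the analysis
    below relies on; this is a stand-in, not a secure cipher."""
    hb = w // 2
    mask = (1 << hb) - 1
    left, right = block >> hb, block & mask
    for r in range(rounds):
        left, right = right, left ^ _round_fn(key, r, right, hb)
    return (left << hb) | right


def cbc_encrypt(key: bytes, iv: int, blocks: list, w: int) -> list:
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt(key, p ^ prev, w)
        out.append(prev)
    return out


def ctr_encrypt(key: bytes, nonce: int, blocks: list, w: int) -> list:
    mask = (1 << w) - 1
    return [p ^ toy_encrypt(key, (nonce + i) & mask, w) for i, p in enumerate(blocks)]


def expected_collisions(n_blocks: int, w: int) -> float:
    """Expected number of equal pairs among n uniformly random w-bit blocks."""
    return n_blocks * (n_blocks - 1) / 2 / 2 ** w


def birthday_bound_bits(w: int) -> int:
    """The abstract's w * 2^(w/2) bits: for w = 64 that is 64 * 2^32 bits = 32 GiB."""
    return w * 2 ** (w // 2)


def cbc_collision_leaks(iv: int, cts: list) -> list:
    """In CBC, C_i = E(P_i ^ C_{i-1}); E is a permutation, so C_i == C_j implies
    P_i ^ C_{i-1} == P_j ^ C_{j-1}, i.e. P_i ^ P_j == C_{i-1} ^ C_{j-1}.
    Returns (i, j, leaked_xor) for every repeated ciphertext block (C_{-1} = IV)."""
    def prev(k):
        return iv if k == 0 else cts[k - 1]
    seen, leaks = {}, []
    for j, c in enumerate(cts):
        if c in seen:
            i = seen[c]
            leaks.append((i, j, prev(i) ^ prev(j)))
        else:
            seen[c] = j
    return leaks


def ctr_impossible_filter(cts: list, known: dict, candidates, j: int) -> list:
    """CTR keystream blocks under one key are pairwise distinct (permutation of
    distinct counters), so C_i ^ C_j can never equal P_i ^ P_j. A candidate v for
    the unknown P_j is therefore impossible whenever v == C_i ^ C_j ^ P_i for some
    known P_i; the true value can never be eliminated."""
    impossible = {cts[i] ^ cts[j] ^ p_i for i, p_i in known.items()}
    return [v for v in candidates if v not in impossible]


def run_demo(seed: int = 1) -> dict:
    rng = random.Random(seed)
    key = b"constructed-demo-key-not-secret!"  # constructed, 32 bytes

    # CBC: even blocks are attacker-known filler (probable plaintext), odd are secret.
    plain = [rng.getrandbits(W_CBC) for _ in range(N_CBC)]
    known = {i: p for i, p in enumerate(plain) if i % 2 == 0}
    iv = rng.getrandbits(W_CBC)
    cts = cbc_encrypt(key, iv, plain, W_CBC)
    leaks = cbc_collision_leaks(iv, cts)
    leak_ok = all(x == plain[i] ^ plain[j] for i, j, x in leaks)
    recovered = {}
    for i, j, x in leaks:
        if i in known and j not in known:
            recovered[j] = known[i] ^ x      # secret block recovered from known one
        elif j in known and i not in known:
            recovered[i] = known[j] ^ x
    recovery_ok = all(plain[j] == v for j, v in recovered.items())

    # CTR: encrypt the entire 2^W_CTR counter space; with every other block known,
    # the impossible set covers all values but one and pins the secret block exactly.
    ctr_plain = [rng.getrandbits(W_CTR) for _ in range(2 ** W_CTR)]
    ctr_cts = ctr_encrypt(key, 0, ctr_plain, W_CTR)
    secret_idx = 1
    ctr_known = {i: p for i, p in enumerate(ctr_plain) if i != secret_idx}
    survivors = ctr_impossible_filter(ctr_cts, ctr_known, range(2 ** W_CTR), secret_idx)

    return {
        "cbc_collisions": len(leaks),
        "cbc_leak_ok": leak_ok,
        "cbc_recovered": len(recovered),
        "cbc_recovery_ok": recovery_ok,
        "ctr_survivors": survivors,
        "ctr_secret": ctr_plain[secret_idx],
    }


if __name__ == "__main__":
    print("64-bit cipher, 2^32 blocks: expected collisions", expected_collisions(2 ** 32, 64))
    print("birthday bound for w=64:", birthday_bound_bits(64), "bits")
    print(run_demo())
```

The defender's takeaway is in the two small helpers: for a 64-bit block cipher the first ciphertext collision is expected after about $2^{32}$ blocks (32 GiB), and each collision hands an attacker one plaintext XOR, so a key should be rotated long before that volume is reached. The CTR half shows why CTR does not escape the bound: the leak there is an elimination rather than an equality, which is weaker per block but, as the codebook fills, becomes just as decisive.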

ePrint: https://eprint.iacr.org/2012/623

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.