Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers

Deukjo Hong, Seokhie Hong, Wonil Lee, Sangjin Lee, Jong In Lim, Jaechul Sung, Okyeon Yi

Research output: Contribution to journal › Article

Abstract

Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly, unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values: known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation require 3-7 blocks of plaintexts (or ciphertexts) and 3 · 2^56 to 9 · 2^56 encryptions. We also give the attacks on multiple modes proposed by Biham.

Original language: English
Pages (from-to): 441-462
Number of pages: 22
Journal: Journal of Cryptology
Volume: 19
Issue number: 4
DOI: 10.1007/s00145-006-0205-3
Publication status: Published - 2006 Oct 1

Fingerprint

Block Ciphers
Modes of Operation
Cryptography
Attack
Encryption

Keywords

  • Block ciphers
  • Cryptanalysis
  • Known-IV attacks
  • Known-in-advance-IV attacks
  • Multiple modes of operation
  • Replayed-and-known-IV attacks

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Theoretical Computer Science
  • Computational Theory and Mathematics
  • Applied Mathematics

Cite this

Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers. / Hong, Deukjo; Hong, Seokhie; Lee, Wonil; Lee, Sangjin; Lim, Jong In; Sung, Jaechul; Yi, Okyeon.

In: Journal of Cryptology, Vol. 19, No. 4, 01.10.2006, p. 441-462.


@article{576919b5c3fb46a4ad1609997e8848d2,
title = "Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers",
abstract = "Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly, unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values: known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation require 3-7 blocks of plaintexts (or ciphertexts) and $3 \cdot 2^{56}$ to $9 \cdot 2^{56}$ encryptions. We also give the attacks on multiple modes proposed by Biham.",
keywords = "Block ciphers, Cryptanalysis, Known-IV attacks, Known-in-advance-IV attacks, Multiple modes of operation, Replayed-and-known-IV attacks",
author = "Deukjo Hong and Seokhie Hong and Wonil Lee and Sangjin Lee and Lim, {Jong In} and Jaechul Sung and Okyeon Yi",
year = "2006",
month = "10",
day = "1",
doi = "10.1007/s00145-006-0205-3",
language = "English",
volume = "19",
pages = "441--462",
journal = "Journal of Cryptology",
issn = "0933-2790",
publisher = "Springer New York",
number = "4",

}

TY - JOUR

T1 - Known-IV, known-in-advance-IV, and replayed-and-known-IV attacks on multiple modes of operation of block ciphers

AU - Hong, Deukjo

AU - Hong, Seokhie

AU - Lee, Wonil

AU - Lee, Sangjin

AU - Lim, Jong In

AU - Sung, Jaechul

AU - Yi, Okyeon

PY - 2006/10/1

Y1 - 2006/10/1

AB - Normally, it has been believed that the initial values of cryptographic schemes do not need to be managed secretly, unlike the secret keys. However, we show that multiple modes of operation of block ciphers can suffer a loss of security by the state of the initial values. We consider several attacks according to the environment of the initial values: known-IV attack, known-in-advance-IV attack, and replayed-and-known-IV attack. Our attacks on cascaded three-key triple modes of operation require 3-7 blocks of plaintexts (or ciphertexts) and 3 · 2^56 to 9 · 2^56 encryptions. We also give the attacks on multiple modes proposed by Biham.

KW - Block ciphers

KW - Cryptanalysis

KW - Known-IV attacks

KW - Known-in-advance-IV attacks

KW - Multiple modes of operation

KW - Replayed-and-known-IV attacks

UR - http://www.scopus.com/inward/record.url?scp=33749562733&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33749562733&partnerID=8YFLogxK

U2 - 10.1007/s00145-006-0205-3

DO - 10.1007/s00145-006-0205-3

M3 - Article

VL - 19

SP - 441

EP - 462

JO - Journal of Cryptology

JF - Journal of Cryptology

SN - 0933-2790

IS - 4

ER -