Post-Quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation
Authors
Abstract
We examine the IND-qCPA security of the wide-spread block cipher modes of operation CBC, CFB, OFB, CTR, and XTS (i.e., security against quantum adversaries doing queries in superposition). We show that OFB and CTR are secure assuming that the underlying block cipher is a standard secure PRF (a pseudorandom function secure under classical queries). We give counterexamples that show that CBC, CFB, and XTS are not secure under the same assumption. And we give proofs that CBC and CFB mode are secure if we assume a quantum secure PRF (secure under queries in superposition).
Similar sources
The Efficiency of Encryption Algorithms in EAX Mode of Operation in IPSEC-based Virtual Private Networks for Streaming Rich Multimedia Data
The characteristics of encryption/decryption algorithms (ciphers) and modes of their operation (modes) have significant influence on security and performance of computer networks. The common modes of cipher operation such as ECB, CBC, OFB, CFB, CTR and XTS provide various levels of data confidentiality; however, those modes do not provide integrity and authenticity of encrypted data, and, there...
Advanced Encryption Standard (AES) in Counter Mode
The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher. The National Institute of Standards and Technology (NIST) has defined five modes of operation for AES. Each of these modes has different characteristics. The five modes are: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher FeedBack (CFB), Output FeedBack (OFB), and Counter (CTR). Only AES Counter mo...
Automated Security Proof for Symmetric Encryption
We present a compositional Hoare logic for proving semantic security of modes of operation for symmetric key block ciphers. We propose a simple programming language to specify encryption modes and an assertion language that allows one to state invariants, together with axioms and rules to establish such invariants. The assertion language consists of a few atomic predicates. We were able to use our method to ve...
Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes
The block cipher modes of operation that are widely used (CBC, CTR, CFB) are secure up to the birthday bound; that is, if w·2^(w/2) or fewer bits of data are encrypted with a w-bit block cipher. However, the detailed security properties close to this bound are not widely appreciated, despite the fact that 64-bit block ciphers are sometimes used in that domain. This work addresses the issue by analyzin...
Modes of Encryption Secure against Blockwise-Adaptive Chosen-Plaintext Attack
Blockwise-adaptive chosen-plaintext and chosen-ciphertext attacks are new models for cryptanalytic adversaries, first discovered by Joux et al. [JMV02], and describe a vulnerability in SSH discovered by Bellare et al. [BKN02]. Unlike traditional chosen-plaintext (CPA) or chosen-ciphertext (CCA) adversaries, the blockwise adversary can submit individual blocks for encryption or decryption rather t...