A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation

We study notions and schemes for symmetric (ie. private key) encryption in a concrete security framework. We give four di erent notions of security against chosen plaintext attack and analyze the concrete complexity of reductions among them, providing both upper and lower bounds, and obtaining tight relations. In this way we classify notions (even though polynomially reducible to each other) as stronger or weaker in terms of concrete security. Next we provide concrete security analyses of methods to encrypt using a block cipher, including the most popular encryption method, CBC. We establish tight bounds (meaning matching upper bounds and attacks) on the success of adversaries as a function of their resources. Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093, USA. E-Mail: fmihir; adesai; [email protected]. URL: http://www-cse.ucsd.edu/users/ fmihir; adesai; ejg. Supported in part by NSF CAREER Award CCR-9624439 and a 1996 Packard Foundation Fellowship in Science and Engineering. Dept. of Computer Science, Engineering II Bldg., University of California at Davis, Davis, CA 95616, USA. E-mail: [email protected]. URL: http://wwwcsif.cs.ucdavis.edu/~rogaway. Supported in part by NSF CAREER Award CCR-9624560.