Improved Collision Attack on OCB

نویسنده

  • John Erik Mathiassen
چکیده

In this paper we present an improvement of the collision attack [1] on the authenticated encryption mode of operation OCB. [1] presents a detection of collision method and a way to use the collision, and it is possible to use the information from a collision to change some blocks of the message unnoticed, if they have a special property. We found a way to use the information from a collision to change any future message in any position, without knowing anything about the plaintexts and the nonces. Once a collision is detected the probability of success of cheating is 1, and this part of the attack can be done by hand calculations. It must also be mentioned that our attack depends on the complexity of the detection of a collision, and this does not violate the security bounds given in [2, 3]. However once a collision is found the attack is simple and devastating.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Collision attacks on OCB

We show that collision attacks are quite effective on the OCB block cipher mode. When a collision occurs OCB loses its authentication capability. To keep adequate authentication security OCB has to be limited in the amount of data it processes. This restriction is relevant to real-life applications, and casts doubt on the wisdom of using OCB.

متن کامل

Collision Attacks Against CAESAR Candidates - Forgery and Key-Recovery Against AEZ and Marble

In this paper we study authenticated encryption algorithms inspired by the OCB mode (Offset Codebook). These algorithms use secret offsets (masks derived from a whitening key) to turn a block cipher into a tweakable block cipher, following the XE or XEX construction. OCB has a security proof up to 2 queries, and a matching forgery attack was described by Ferguson, where the main step of the att...

متن کامل

Protecting Cipher Block Chaining Against Adaptive Chosen Plaintext Attack

In the literature, several encryption modes of operation based on cipher block chaining (CBC) has been proven to be secure under non-adaptive chosen plaintext attack (CPA-1) in the left-or-right (LOR) or find-then-guess (FTG) security models. However, it was shown by Joux et. al. at Crypto 2002 that if we allow the adversary to perform an adaptive chosen plaintext attack (CPA-2), then CBC, ABC ...

متن کامل

The INT-RUP Security of OCB with Intermediate (Parity) Checksum

OCB is neither integrity under releasing unvierified plaintext (INT-RUP) nor nonce-misuse resistant. The tag of OCB is generated by encrypting plaintext checksum, which is vulnerable in the INT-RUP security model. This paper focuses on the weakness of the checksum processing in OCB. We describe a new notion, called plaintext or ciphertext checksum (PCC), which is a generalization of plaintext c...

متن کامل

Improved Collision Attack on MD4

In this paper, we propose an attack method to find collisions of MD4 hash function. This attack is the improved version of the attack which was invented by Xiaoyun Wang et al [1]. We were able to find collisions with probability almost 1, and the average complexity to find a collision is upper bounded by three times of MD4 hash operations. This result is improved compared to the original result...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005