中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 会议论文
Title:
Attacking and fixing the CS mode
Author: Sui, Han (1) ; Wu, Wenling (1) ; Zhang, Liting (1) ; Wang, Peng (2)
Conference Name: 15th International Conference on Information and Communications Security, ICICS 2013
Conference Date: November 20, 2013 - November 22, 2013
Issued Date: 2013
Conference Place: Beijing, China
Publish Place: Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany
Indexed Type: EI
ISSN: 3029743
ISBN: 9783319027258
Department: (1) Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) Data Assurance and Communication Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract: The security of the Cipher-State (CS) mode was proposed to NIST as an authenticated encryption (AE) scheme in 2004. The usual SPRP blockcipher security for AE schemes may not guarantee its security. By constructing a special SPRP, one can easily make a key-recovery attack with a single block query. The distinguishing attacks and the forgery attacks can also be made with simpler SPRP constructions. The security flaw relies in the method for generating initial whitening values. To fix this shortcoming, we propose a modified version CS* which incorporates a new method for generating initial whitening values, while keeping the main structure of CS unchanged. As we show, CS* is secure when its underlying blockcipher is an SPRP and halves of which are unpredictable. © Springer International Publishing 2013.
English Abstract: The security of the Cipher-State (CS) mode was proposed to NIST as an authenticated encryption (AE) scheme in 2004. The usual SPRP blockcipher security for AE schemes may not guarantee its security. By constructing a special SPRP, one can easily make a key-recovery attack with a single block query. The distinguishing attacks and the forgery attacks can also be made with simpler SPRP constructions. The security flaw relies in the method for generating initial whitening values. To fix this shortcoming, we propose a modified version CS* which incorporates a new method for generating initial whitening values, while keeping the main structure of CS unchanged. As we show, CS* is secure when its underlying blockcipher is an SPRP and halves of which are unpredictable. © Springer International Publishing 2013.
Language: 英语
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/16647
Appears in Collections:软件所图书馆_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Sui, Han ,Wu, Wenling ,Zhang, Liting ,et al. Attacking and fixing the CS mode[C]. 见:15th International Conference on Information and Communications Security, ICICS 2013. Beijing, China. November 20, 2013 - November 22, 2013.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Sui, Han (1)]'s Articles
[Wu, Wenling (1)]'s Articles
[Zhang, Liting (1)]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Sui, Han (1)]‘s Articles
[Wu, Wenling (1)]‘s Articles
[Zhang, Liting (1)]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace