ISCAS OpenIR
Attacking and fixing the CS mode
Sui, Han (1); Wu, Wenling (1); Zhang, Liting (1); Wang, Peng (2)
2013
Conference Name: 15th International Conference on Information and Communications Security, ICICS 2013
Pages: 318-330
Conference Date: November 20, 2013 - November 22, 2013
Conference Place: Beijing, China
Indexed Type: EI
Publish Place: Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany
ISSN: 3029743
ISBN: 9783319027258
Department: (1) Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) Data Assurance and Communication Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
English Abstract: The security of the Cipher-State (CS) mode was proposed to NIST as an authenticated encryption (AE) scheme in 2004. The usual SPRP blockcipher security for AE schemes may not guarantee its security. By constructing a special SPRP, one can easily make a key-recovery attack with a single block query. The distinguishing attacks and the forgery attacks can also be made with simpler SPRP constructions. The security flaw relies in the method for generating initial whitening values. To fix this shortcoming, we propose a modified version CS* which incorporates a new method for generating initial whitening values, while keeping the main structure of CS unchanged. As we show, CS* is secure when its underlying blockcipher is an SPRP and halves of which are unpredictable. © Springer International Publishing 2013.
Language: English
Content Type: Conference paper
URI: http://ir.iscas.ac.cn/handle/311060/16647
Collection: Institute of Software, Chinese Academy of Sciences
Recommended Citation
GB/T 7714
Sui, Han, Wu, Wenling, Zhang, Liting, et al. Attacking and fixing the CS mode[C]. Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany, 2013: 318-330.

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.