ISCAS OpenIR
Attacking and fixing the CS mode
Sui, Han (1); Wu, Wenling (1); Zhang, Liting (1); Wang, Peng (2)
2013
会议名称15th International Conference on Information and Communications Security, ICICS 2013
页码318-330
会议日期November 20, 2013 - November 22, 2013
会议地点Beijing, China
收录类别EI
出版地Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany
ISSN3029743
ISBN9783319027258
部门归属(1) Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (2) Data Assurance and Communication Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
摘要The security of the Cipher-State (CS) mode was proposed to NIST as an authenticated encryption (AE) scheme in 2004. The usual SPRP blockcipher security for AE schemes may not guarantee its security. By constructing a special SPRP, one can easily make a key-recovery attack with a single block query. The distinguishing attacks and the forgery attacks can also be made with simpler SPRP constructions. The security flaw relies in the method for generating initial whitening values. To fix this shortcoming, we propose a modified version CS* which incorporates a new method for generating initial whitening values, while keeping the main structure of CS unchanged. As we show, CS* is secure when its underlying blockcipher is an SPRP and halves of which are unpredictable. © Springer International Publishing 2013.; The security of the Cipher-State (CS) mode was proposed to NIST as an authenticated encryption (AE) scheme in 2004. The usual SPRP blockcipher security for AE schemes may not guarantee its security. By constructing a special SPRP, one can easily make a key-recovery attack with a single block query. The distinguishing attacks and the forgery attacks can also be made with simpler SPRP constructions. The security flaw relies in the method for generating initial whitening values. To fix this shortcoming, we propose a modified version CS* which incorporates a new method for generating initial whitening values, while keeping the main structure of CS unchanged. As we show, CS* is secure when its underlying blockcipher is an SPRP and halves of which are unpredictable. © Springer International Publishing 2013.
语种英语
内容类型会议论文
URI标识http://ir.iscas.ac.cn/handle/311060/16647
专题中国科学院软件研究所
推荐引用方式
GB/T 7714
Sui, Han ,Wu, Wenling ,Zhang, Liting ,et al. Attacking and fixing the CS mode[C]. Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany,2013:318-330.
条目包含的文件
条目无相关文件。
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Sui, Han (1)]的文章
[Wu, Wenling (1)]的文章
[Zhang, Liting (1)]的文章
百度学术
百度学术中相似的文章
[Sui, Han (1)]的文章
[Wu, Wenling (1)]的文章
[Zhang, Liting (1)]的文章
必应学术
必应学术中相似的文章
[Sui, Han (1)]的文章
[Wu, Wenling (1)]的文章
[Zhang, Liting (1)]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。