The idea of combining a very simple form of added plaintext redundancy with a special mode of data encryption to provide data integrity is an old one; however, despite its wide deployment in protocols such as Kerberos, it has largely been superseded by provably secure authenticated encryption techniques. In this paper we cryptanalyse a block cipher mode of operation called IOBC, possibly the only remaining encryption mode designed for such use that has not previously been analyzed. We show that IOBC is subject to known-plaintext-based forgery attacks with a complexity of around 2n/3 , where n is the block cipher block length.
Chris J. Mitchell