Sciweavers

ACISP
2005
Springer

Cryptanalysis of Two Variants of PCBC Mode When Used for Message Integrity

14 years 6 months ago
Cryptanalysis of Two Variants of PCBC Mode When Used for Message Integrity
Abstract. The PCBC block cipher mode of operation has many variants, of which one, due to Meyer and Matyas, dates back over 20 years. Whilst a particularly simple variant of PCBC has long been known to be very weak when used for data integrity protection, the Meyer-Matyas variant has not previously been attacked. In this paper we cryptanalyse this mode, and show that it possesses a serious weakness when used for data integrity protection. Specifically, we show how to construct an existential forgery using only a single known ciphertext message and a modest amount of known plaintext (this could be as little as three plaintext blocks). We also describe a ciphertext-only existential forgery attack against another, recently proposed, PCBC-variant called M-PCBC.
Chris J. Mitchell
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where ACISP
Authors Chris J. Mitchell
Comments (0)