Cryptanalysis of Two Variants of PCBC Mode When Used for Message Integrity

14 years 4 months ago

Download www.isg.rhul.ac.uk

Abstract. The PCBC block cipher mode of operation has many variants, of which one, due to Meyer and Matyas, dates back over 20 years. Whilst a particularly simple variant of PCBC has long been known to be very weak when used for data integrity protection, the Meyer-Matyas variant has not previously been attacked. In this paper we cryptanalyse this mode, and show that it possesses a serious weakness when used for data integrity protection. Speciﬁcally, we show how to construct an existential forgery using only a single known ciphertext message and a modest amount of known plaintext (this could be as little as three plaintext blocks). We also describe a ciphertext-only existential forgery attack against another, recently proposed, PCBC-variant called M-PCBC.

Chris J. Mitchell

Real-time Traffic

ACISP 2005 | Block Cipher Mode Of Operation | Data Integrity Protection | Existential Forgery | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	26 Jun 2010
Updated	26 Jun 2010
Type	Conference
Year	2005
Where	ACISP
Authors	Chris J. Mitchell

Comments (0)

Sciweavers

Cryptanalysis of Two Variants of PCBC Mode When Used for Message Integrity

ACISP 2005 | Block Cipher Mode Of Operation | Data Integrity Protection | Existential Forgery | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers