Advances in Cryptology – EUROCRYPT 2012

Volume 7237 of the series Lecture Notes in Computer Science pp 682-699

Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation

  • Alexandra BoldyrevaAffiliated withGeorgia Institute of Technology
  • , Jean Paul DegabrieleAffiliated withRoyal Holloway, University of London
  • , Kenneth G. PatersonAffiliated withRoyal Holloway, University of London
  • , Martijn StamAffiliated withUniversity of Bristol


In recent years, a number of standardized symmetric encryption schemes have fallen foul of attacks exploiting the fact that in some real world scenarios ciphertexts can be delivered in a fragmented fashion. We initiate the first general and formal study of the security of symmetric encryption against such attacks. We extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for the fragmented setting. We also develop security models to formalize the additional desirable properties of ciphertext boundary hiding and robustness against Denial-of-Service (DoS) attacks for schemes in this setting. We illustrate the utility of each of our models via efficient constructions for schemes using only standard cryptographic components, including constructions that simultaneously achieve confidentiality, ciphertext boundary hiding and DoS robustness.