
A Simple Key-Recovery Attack on McOE-X

Conference paper, Cryptology and Network Security (CANS 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7712)

Abstract

In this paper, we present a key-recovery attack on the online authenticated encryption scheme McOE-X proposed by Fleischmann et al. at FSE 2012. The attack is based on the observation that in McOE-X the key is changed, in a deterministic way, for every message block that is encrypted. This allows an adversary to recover the key by using a standard time-memory trade-off strategy. In its best setting the attack has a complexity as low as $2 \cdot 2^{n/2}$, while this should be $2^{n}$ for a good scheme. Taking AES-128 as an example, this results in an attack with complexity $2^{65}$.
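Worked accounting for the stated complexity, added here as an illustration and not taken from the paper: assume the adversary builds a table of $T$ candidate keys and observes $D$ message blocks, each encrypted under a different, deterministically derived $n$-bit key, and that the attack succeeds as soon as one observed per-block key lies in the table (the multi-target, time-memory trade-off view the abstract refers to; the exact key-derivation rule of McOE-X is not restated here). Then

$$T \cdot D \approx 2^{n}, \qquad \text{cost} = T + D,$$

which is minimised at $T = D = 2^{n/2}$ and gives the abstract's $2 \cdot 2^{n/2}$. For $n = 128$ (AES-128) this is $2 \cdot 2^{64} = 2^{65}$, against the $2^{128}$ expected of a scheme that keeps a single secret key. The defensive reading is that keying a block cipher per block with values an adversary can enumerate or collide on halves the effective key length, regardless of the cipher's own strength.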


References

1. Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: Online Ciphers and the Hash-CBC Construction. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 292–309. Springer, Heidelberg (2001)
2. Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: On-Line Ciphers and the Hash-CBC Constructions. Cryptology ePrint Archive, Report 2007/197 (2007)
3. Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. J. Cryptology 21(4), 469–491 (2008)
4. Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and Related-Key Attack on the Full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009)
5. Black, J., Cochran, M., Shrimpton, T.: On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 526–541. Springer, Heidelberg (2005)
6. Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)
7. Black, J., Rogaway, P., Shrimpton, T., Stam, M.: An Analysis of the Blockcipher-Based Hash Functions from PGV. J. Cryptology 23(4), 519–545 (2010)
8. Fleischmann, E., Forler, C., Lucks, S.: McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196–215. Springer, Heidelberg (2012)
9. Fleischmann, E., Forler, C., Lucks, S., Wenzel, J.: McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes (extended version). Cryptology ePrint Archive, Report 2011/644 (2011)
10. Hellman, M.E.: A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26(4), 401–406 (1980)
11. Hirose, S.: Secure Block Ciphers Are Not Sufficient for One-Way Hash Functions in the Preneel-Govaerts-Vandewalle Model. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 339–352. Springer, Heidelberg (2003)
12. Liskov, M., Rivest, R.L., Wagner, D.: Tweakable Block Ciphers. J. Cryptology 24(3), 588–613 (2011)
13. Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)
14. Quisquater, J.-J., Delescaille, J.-P.: How Easy Is Collision Search. New Results and Applications to DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 408–413. Springer, Heidelberg (1990)
15. Rogaway, P., Shrimpton, T.: Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem. Cryptology ePrint Archive, Report 2006/221 (2006)
16. Rogaway, P., Zhang, H.: Online Ciphers from Tweakable Blockciphers. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 237–249. Springer, Heidelberg (2011)


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

Cite this paper

Mendel, F., Mennink, B., Rijmen, V., Tischhauser, E. (2012). A Simple Key-Recovery Attack on McOE-X. In: Pieprzyk, J., Sadeghi, AR., Manulis, M. (eds) Cryptology and Network Security. CANS 2012. Lecture Notes in Computer Science, vol 7712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35404-5_3


  • DOI: https://doi.org/10.1007/978-3-642-35404-5_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35403-8

  • Online ISBN: 978-3-642-35404-5

  • eBook Packages: Computer Science (R0)