
On the Security Bounds of CMC, EME, EME+ and EME* Modes of Operation

  • Raphael C.-W. Phan
  • Bok-Min Goi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3783)

Abstract

Since 2002, variants of two tweakable block cipher modes of operation, CMC and EME, have been presented by Halevi and Rogaway that are suitable for encryption of disk sectors. In this paper, we show that the security bounds given in their proofs are tight, and hence complement the security proofs of the designers. In particular, we show how to distinguish the CMC, EME, EME+ and EME* modes from random tweakable permutations with negligible effort and 2^{n/2} chosen plaintexts, where n is the block size in bits. Further, we point out that both modes leak secret information via side-channel attacks (timing and power) due to the data-dependent internal multiplication operation.
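The data-dependent multiplication the abstract refers to is, in the CMC/EME family, the doubling (multiply-by-x) step in GF(2^128). The following added example (not code from the paper) shows the branchy form, whose running time and power trace depend on the top bit of a secret block, beside a constant-time masked form that a defender would substitute; the reduction polynomial x^128 + x^7 + x^2 + x + 1 (reduction byte 0x87) and the big-endian block layout are assumptions taken from the standard doubling of these constructions, not stated on this page.

```c
#include <stdint.h>
#include <string.h>

/* Doubling (multiplication by x) in GF(2^128) with reduction
 * polynomial x^128 + x^7 + x^2 + x + 1 (reduction byte 0x87), the
 * doubling step used by the CMC/EME family; big-endian block layout
 * is assumed here. */

/* Data-dependent version: the branch on the carried-out top bit makes
 * running time and power consumption depend on the secret block. */
void gf128_double_branchy(const uint8_t in[16], uint8_t out[16]) {
    uint8_t carry = 0;
    for (int i = 15; i >= 0; i--) {
        uint8_t next = in[i] >> 7;
        out[i] = (uint8_t)((in[i] << 1) | carry);
        carry = next;
    }
    if (carry)                   /* secret-dependent branch */
        out[15] ^= 0x87;
}

/* Constant-time version: turn the top bit into an all-ones/all-zeros
 * mask and apply the reduction unconditionally. */
void gf128_double_ct(const uint8_t in[16], uint8_t out[16]) {
    uint8_t mask = (uint8_t)(0u - (in[0] >> 7)); /* 0xFF or 0x00 */
    uint8_t carry = 0;
    for (int i = 15; i >= 0; i--) {
        uint8_t next = in[i] >> 7;
        out[i] = (uint8_t)((in[i] << 1) | carry);
        carry = next;
    }
    out[15] ^= (uint8_t)(0x87 & mask);   /* no branch on secret data */
}

/* Self-check on constructed vectors: 0x80 00..00 must reduce to
 * 00..00 87, 00..01 must become 00..02, and both versions must agree.
 * Returns 1 on success, 0 on any mismatch. */
int gf128_double_selftest(void) {
    uint8_t msb_set[16] = {0x80}, one[16] = {0}, a[16], b[16];
    uint8_t exp_reduced[16] = {0}, exp_two[16] = {0};
    one[15] = 0x01;
    exp_reduced[15] = 0x87;
    exp_two[15] = 0x02;
    gf128_double_branchy(msb_set, a); gf128_double_ct(msb_set, b);
    if (memcmp(a, exp_reduced, 16) || memcmp(b, exp_reduced, 16)) return 0;
    gf128_double_branchy(one, a); gf128_double_ct(one, b);
    if (memcmp(a, exp_two, 16) || memcmp(b, exp_two, 16)) return 0;
    return 1;
}
```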

Keywords

Block cipher modes of operation, tweakable schemes, disk encryption, security bounds, distinguisher



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Raphael C.-W. Phan (1)
  • Bok-Min Goi (2)
  1. Information Security Research (iSECURES) Lab, Swinburne University of Technology, Kuching, Malaysia
  2. Centre for Cryptography and Information Security (CCIS), Faculty of Engineering, Multimedia University, Cyberjaya, Malaysia
