Online Ciphers and the Hash-CBC Construction

  • Mihir Bellare
  • Alexandra Boldyreva
  • Lars Knudsen
  • Chanathip Namprempre
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2139)


We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the ith block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. Finally we provide a construction called HCBC which is based on a given block cipher E and a family of AXU functions. HCBC is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks


Hash Function Oracle Query Oracle Access Choose Ciphertext Attack Polynomial Time Adversary 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Bellare, A. Boldyreva, L. Knudsen, C. Namprempre. On-line ciphers and the Hash-CBC construction. Full version of this paper, available via
  2. 2.
    M. Bellare, J. Kilian, and P. Rogaway. The security of the cipher block chaining message authentication code. In Journal of Computer and System Sciences, volume 61, No. 3, pages 362–399, Dec 2000. Academic Press.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In T. Okamoto, editor, Advances in Cryptology— ASIACRYPT’ 00, volume 1976 of Lecture Notes in Computer Science, pages 531–545, Berlin, Germany, Dec. 2000. Springer-Verlag.CrossRefGoogle Scholar
  4. 4.
    M. Bellare and P. Rogaway. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography. In T. Okamoto, editor, Advances in Cryptology — ASIACRYPT’ 00, volume 1976 of Lecture Notes in Computer Science, pages 317–330, Berlin, Germany, Dec. 2000. Springer-Verlag.CrossRefGoogle Scholar
  5. 5.
    C. Campbell. Design and specification of cryptographic capabilities. In D. Brandstad, editor, Computer Security and the Data Encryption Standard, National Bureau of Standards Special Publications 500-27, U.S. Department of Commerce, pages 54–66, February 1978.Google Scholar
  6. 6.
    O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions, Journal of the ACM, Vol. 33, No. 4, 1986, pp. 210–217.CrossRefMathSciNetGoogle Scholar
  7. 7.
    L. Knudsen. Block chaining modes of operation. Reports in Informatics, Report 207, Dept. of Informatics, University of Bergen, October 2000.Google Scholar
  8. 8.
    H. Krawczyk. LFSR-based hashing and authenticating. In Y. Desmedt, editor, Advances in Cryptology — CRYPTO’ 94, volume 839 of Lecture Notes in Computer Science, pages 129–139, Berlin, Germany, 1994. Springer-Verlag.Google Scholar
  9. 9.
    M. Luby and C. Rackoff. How to construct pseudo-random permutations from pseudo-random functions. SIAM Journal of Computing, Vol. 17, No. 2, pp. 373–386, April 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    C. Meyer and Matyas. A new direction in Computer Data Security. John Wiley & Sons, 1982.Google Scholar
  11. 11.
    M. Naor and O. Reingold. On the construction of pseudorandom permutations: Luby-Rackoff Revisited. In J. Feigenbaum, editor, Journal of Cryptology, Volume 12, Number 1, Winter 1999. Springer-Verlag.Google Scholar
  12. 12.
    W. Nevelsteen and B. Preneel. Software performance of universal hash functions. In J. Stern, editor, Advances in Cryptology — EUROCRYPT’ 99, volume 1592 of Lecture Notes in Computer Science, pages 24–41, Berlin, Germany, 1999. Springer-Verlag.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Mihir Bellare
    • 1
  • Alexandra Boldyreva
    • 1
  • Lars Knudsen
    • 2
  • Chanathip Namprempre
    • 1
  1. 1.Department of Computer Science & EngineeringUniversity of CaliforniaSan Diego La Jolla
  2. 2.Department of InformaticsBergenNorway

Personalised recommendations