Abstract
In this paper, we study the security of the Encrypt-Mask-Decrypt mode of operation, also called EMD, which was recently proposed for applications such as disk-sector encryption. The EMD mode transforms an ordinary block cipher operating on n-bit blocks into a tweakable block cipher operating on large blocks of size nm bits. We first show that EMD is not a secure tweakable block cipher and then describe efficient attacks in the context of disk-sector encryption. We note that the parallelizable variant of EMD, called EME that was proposed at the same time is also subject to these attacks.
In the course of developing one of the attacks, we revisit Wagner’s generalized birthday algorithm and show that in some special cases it performs much more efficiently than in the general case. Due to the large scope of applicability of this algorithm, even when restricted to these special cases, we believe that this result is of independent interest.
Keywords
- Block Cipher
- Malicious User
- Sector Number
- Blind Signature Scheme
- Heuristic Analysis
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download conference paper PDF
References
J. Black and P. Rogaway. A block-cipher mode of operation for parallelizable message authentication. In L. Knudsen, editor, Advances in Cryptology — Eurocrypt’2002, volume 2332 of Lectures Notes in Computer Science, pages 384–397. Springer, 2002.
S. Halevi. An Observation regarding Jutla’s modes of operation. Crytology ePrint archive, Report 2001/015, available at http://eprint.iacr.org.
C. Jutla. Encryption modes with almost free message integrity. In B. Pfitzmann, editor, Advances in Cryptology — Eurocrypt’01, volume 2045 of Lectures Notes in Computer Science. Springer-Verlag, 2001.
M. Liskov, R. Rivest, and D. Wagner. Tweakable block ciphers. In M. Yung, editor, Advances in Cryptology — Crypto’2002, volume 2442 of Lectures Notes in Computer Science, pages 31–46. Springer, 2002.
P. Rogaway. The EMD mode of operation (a tweaked, wide-blocksize, strong PRP), September 26th, 2002. Crytology ePrint archive, Report 2002/148, available at http://eprint.iacr.org.
D. Wagner. A generalized birthday problem. In M. Yung, editor, Advances in Cryptology — Crypto’2002, volume 2442 of Lectures Notes in Computer Science, pages 288–303. Springer, 2002.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 International Association for Cryptologic Research
About this paper
Cite this paper
Joux, A. (2003). Cryptanalysis of the EMD Mode of Operation. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_1
Download citation
DOI: https://doi.org/10.1007/3-540-39200-9_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2
eBook Packages: Springer Book Archive
