On modes of operation

(Abstract) February 22, 1994
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 809)


In this paper we study the modes of operation in which a cryptosystem, and in particular DES, can be used. This study shows that attempts to complicate the modes of operation weaken (in many cases) the resultant modes. We conclude that operation modes should be designed around the underlying cryptosystem without any attempt to use intermediate data as feedback, or to mix the feedback into an intermediate round. Thus, in particular, triple-DES used in CBC mode is more secure than a single-DES used in triple-CBC mode. Alternatively, if several encryptions are applied to each block, the best choice is to concatenate them to one long encryption, and build the mode of operation around it.


Intermediate Data Data Encryption Standard Differential Cryptanalysis Plaintext Attack Choose Ciphertext Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    Ross Anderson, private communications, 1993.Google Scholar
  2. [2]
    Eli Biham, Adi Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.Google Scholar
  3. [3]
    Carl Ellison, private communications, 1993.Google Scholar
  4. [4]
    M. Matsui, Linear Cryptanalysis Method for DES Cipher, Abstracts of EUROCRYPT'93, pp. W112–W123, May 1993.Google Scholar
  5. [5]
    National Bureau of Standards, Data Encryption Standard, U.S. Department of Commerce, FIPS pub. 46, January 1977.Google Scholar
  6. [6]
    National Bureau of Standards, DES Modes of Operation, U.S. Department of Commerce, FIPS pub. 81, December 1980.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  1. 1.Computer Science DepartmentTechnion - Israel Institute of TechnologyHaifaIsrael

Personalised recommendations