Cryptanalysis of the ANSI X9.52 CBCM mode

  • Eli Biham
  • Lars R. Knudsen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)


In this paper we cryptanalyze the proposed (almost accepted) ANSI X9.52 CBCM mode. The CBCM mode is a triple-DES CBC variant which was designed against powerful attacks which control intermediate feedbacks for the benefit of the attacker. For this purpose, it uses intermediate feedbacks that the attacker cannot control, choosing them as a keyed OFB stream, independent of the plaintexts and ciphertexts. The attack we describe finds a way to use even this kind of feedback for the benefit of the attacker. It requires a single chosen ciphertext of $2^{65}$ blocks and $2^{58}$ complexity of analysis. We also describe an adaptive known-IV related-key attack which finds one of three 56-bit keys, requiring one known plaintext encrypted under $2^{33}$ different but related keys with $2^{57}$ complexity of analysis.

Key words

Cryptanalysis; ANSI X9.52; Modes of operation; CBCM mode; Triple-DES; Multiple Encryption



Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Eli Biham: Computer Science Department, Technion - Israel Institute of Technology, Haifa, Israel
  • Lars R. Knudsen: Department of Informatics, University of Bergen, Bergen, Norway
