The security of ciphertext stealing

Phillip Rogaway; Mark Wooding; Haibin Zhang

doi:10.1007/978-3-642-34047-5_11

The security of ciphertext stealing

Phillip Rogaway^*, Mark Wooding, Haibin Zhang

^*此作品的通讯作者

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

11 引用（Scopus）

摘要

We prove the security of CBC encryption with ciphertext stealing. Our results cover all versions of ciphertext stealing recently recommended by NIST. The complexity assumption is that the underlying blockcipher is a good PRP, and the security notion achieved is the strongest one commonly considered for chosen-plaintext attacks, indistinguishability from random bits (ind$-security). We go on to generalize these results to show that, when intermediate outputs are slightly delayed, one achieves ind$-security in the sense of an online encryption scheme, a notion we formalize that focuses on what is delivered across an online API, generalizing prior notions of blockwise-adaptive attacks. Finally, we pair our positive results with the observation that the version of ciphertext stealing described in Meyer and Matyas's well-known book (1982) is not secure.

源语言	英语
主期刊名	Fast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers
页	180-195
页数	16
DOI	https://doi.org/10.1007/978-3-642-34047-5_11
出版状态	已出版 - 2012
已对外发布	是
活动	19th International Workshop on Fast Software Encryption, FSE 2012 - Washington, DC, 美国期限: 19 3月 2012 → 21 3月 2012

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	7549 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	19th International Workshop on Fast Software Encryption, FSE 2012
国家/地区	美国
市	Washington, DC
时期	19/03/12 → 21/03/12

访问文件

10.1007/978-3-642-34047-5_11

其它文件与链接

链接到 Scopus 的出版物

引用此

Rogaway, P., Wooding, M., & Zhang, H. (2012). The security of ciphertext stealing. 在 Fast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers (页码 180-195). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 7549 LNCS). https://doi.org/10.1007/978-3-642-34047-5_11

@inproceedings{b0a6d0ad1ca145b092602116153bed25,

title = "The security of ciphertext stealing",

abstract = "We prove the security of CBC encryption with ciphertext stealing. Our results cover all versions of ciphertext stealing recently recommended by NIST. The complexity assumption is that the underlying blockcipher is a good PRP, and the security notion achieved is the strongest one commonly considered for chosen-plaintext attacks, indistinguishability from random bits (ind$-security). We go on to generalize these results to show that, when intermediate outputs are slightly delayed, one achieves ind$-security in the sense of an online encryption scheme, a notion we formalize that focuses on what is delivered across an online API, generalizing prior notions of blockwise-adaptive attacks. Finally, we pair our positive results with the observation that the version of ciphertext stealing described in Meyer and Matyas's well-known book (1982) is not secure.",

keywords = "CBC, blockwise-adaptive attacks, ciphertext stealing, cryptographic standards, modes of operation, provable security",

author = "Phillip Rogaway and Mark Wooding and Haibin Zhang",

year = "2012",

doi = "10.1007/978-3-642-34047-5_11",

language = "English",

isbn = "9783642340468",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "180--195",

booktitle = "Fast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers",

note = "19th International Workshop on Fast Software Encryption, FSE 2012 ; Conference date: 19-03-2012 Through 21-03-2012",

}

Rogaway, P, Wooding, M & Zhang, H 2012, The security of ciphertext stealing. 在 Fast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 7549 LNCS, 页码 180-195, 19th International Workshop on Fast Software Encryption, FSE 2012, Washington, DC, 美国, 19/03/12. https://doi.org/10.1007/978-3-642-34047-5_11

The security of ciphertext stealing. / Rogaway, Phillip; Wooding, Mark; Zhang, Haibin.
Fast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers. 2012. 页码 180-195 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 7549 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - The security of ciphertext stealing

AU - Rogaway, Phillip

AU - Wooding, Mark

AU - Zhang, Haibin

PY - 2012

Y1 - 2012

N2 - We prove the security of CBC encryption with ciphertext stealing. Our results cover all versions of ciphertext stealing recently recommended by NIST. The complexity assumption is that the underlying blockcipher is a good PRP, and the security notion achieved is the strongest one commonly considered for chosen-plaintext attacks, indistinguishability from random bits (ind$-security). We go on to generalize these results to show that, when intermediate outputs are slightly delayed, one achieves ind$-security in the sense of an online encryption scheme, a notion we formalize that focuses on what is delivered across an online API, generalizing prior notions of blockwise-adaptive attacks. Finally, we pair our positive results with the observation that the version of ciphertext stealing described in Meyer and Matyas's well-known book (1982) is not secure.

AB - We prove the security of CBC encryption with ciphertext stealing. Our results cover all versions of ciphertext stealing recently recommended by NIST. The complexity assumption is that the underlying blockcipher is a good PRP, and the security notion achieved is the strongest one commonly considered for chosen-plaintext attacks, indistinguishability from random bits (ind$-security). We go on to generalize these results to show that, when intermediate outputs are slightly delayed, one achieves ind$-security in the sense of an online encryption scheme, a notion we formalize that focuses on what is delivered across an online API, generalizing prior notions of blockwise-adaptive attacks. Finally, we pair our positive results with the observation that the version of ciphertext stealing described in Meyer and Matyas's well-known book (1982) is not secure.

KW - CBC

KW - blockwise-adaptive attacks

KW - ciphertext stealing

KW - cryptographic standards

KW - modes of operation

KW - provable security

UR - http://www.scopus.com/inward/record.url?scp=84866650632&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-34047-5_11

DO - 10.1007/978-3-642-34047-5_11

M3 - Conference contribution

AN - SCOPUS:84866650632

SN - 9783642340468

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 180

EP - 195

BT - Fast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers

T2 - 19th International Workshop on Fast Software Encryption, FSE 2012

Y2 - 19 March 2012 through 21 March 2012

ER -

The security of ciphertext stealing

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此