Collision attacks on OCB

نویسنده

  • Niels Ferguson
چکیده

We show that collision attacks are quite effective on the OCB block cipher mode. When a collision occurs OCB loses its authentication capability. To keep adequate authentication security OCB has to be limited in the amount of data it processes. This restriction is relevant to real-life applications, and casts doubt on the wisdom of using OCB.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Collision Attacks Against CAESAR Candidates - Forgery and Key-Recovery Against AEZ and Marble

In this paper we study authenticated encryption algorithms inspired by the OCB mode (Offset Codebook). These algorithms use secret offsets (masks derived from a whitening key) to turn a block cipher into a tweakable block cipher, following the XE or XEX construction. OCB has a security proof up to 2 queries, and a matching forgery attack was described by Ferguson, where the main step of the att...

متن کامل

Improved Collision Attack on OCB

In this paper we present an improvement of the collision attack [1] on the authenticated encryption mode of operation OCB. [1] presents a detection of collision method and a way to use the collision, and it is possible to use the information from a collision to change some blocks of the message unnoticed, if they have a special property. We found a way to use the information from a collision to...

متن کامل

Protecting Cipher Block Chaining Against Adaptive Chosen Plaintext Attack

In the literature, several encryption modes of operation based on cipher block chaining (CBC) has been proven to be secure under non-adaptive chosen plaintext attack (CPA-1) in the left-or-right (LOR) or find-then-guess (FTG) security models. However, it was shown by Joux et. al. at Crypto 2002 that if we allow the adversary to perform an adaptive chosen plaintext attack (CPA-2), then CBC, ABC ...

متن کامل

Practical Fault Attacks on Authenticated Encryption Modes for AES

Since the first demonstration of fault attacks by Boneh et al. on RSA, a multitude of fault attack techniques on various cryptosystems have been proposed. Most of these techniques, like Differential Fault Analysis, Safe Error Attack, and Collision Fault Analysis have the requirement to process two inputs that are either identical or related, in order to generate pairs of correct/faulty cipherte...

متن کامل

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes

Since the first demonstration of fault attacks by Boneh et al. on RSA, a multitude of fault attack techniques on various cryptosystems have been proposed. Most of these techniques, like Differential Fault Analysis, Safe Error Attack, and Collision Fault Analysis have the requirement to process two inputs that are either identical or related, in order to generate pairs of correct/faulty cipherte...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2002