On the security bounds of CMC, EME, EME(+) and EME* - Modes of operation

Phan, , RCW; Goi, , BM

oai:shdl.mmu.edu.my:2351

On the security bounds of CMC, EME, EME(+) and EME* - Modes of operation

Authors: , RCW Phan
, BM Goi
Publication date: 1 January 2005
Publisher

Abstract

Since 2002, variants of two tweakable block cipher modes of operation, CMC and EME, have been presented by Halevi and Rogaway that are suitable for encryption of disk sectors. In this paper, we show that the security bounds given in their proofs are tight, and hence complement the security proofs of the designers. In particular, we show how to distinguish the CMC, EME, EME(+) and EME* modes from random tweakable permutations with negligible effort and 2(n/2) chosen plaintexts, where n is the block size in bits. Further, we point out that both modes leak secret information via side-channel attacks (timing and power) due to the data-dependent internal multiplication operation

Similar works

Full text

SHDL@MMU Digital Repository

oai:shdl.mmu.edu.my:2351

Last time updated on 28/10/2013

This paper was published in SHDL@MMU Digital Repository.

Having an issue?

Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.