5 research outputs found
Cryptanalysis of the MEM Mode of Operation
Get PDFThe MEM mode is a nonce-based enciphering mode of operation proposed by Chakraborty and Sarkar, which was claimed to be secure against symmetric nonce respecting adversaries. We show that this is not correct by using two very simple attcks. One attack need one decryption and one decryption queries, and the other only need one encryption query
The EMD Mode of Operation (A Tweaked, Wide-Blocksize, Strong PRP)
Get PDFWe describe a block-cipher mode of operation, EMD, that builds a strong pseudorandom permutation (PRP) on nm bits (m ≥ 2) out of a strong PRP on n bits (i.e., a block cipher). The constructed PRP is also tweaked (in the sense of [10]): to determine the nm-bit ciphertext block C = E T K (P) one provides, besides the key K and the nm-bit plaintext block P,ann-bit tweak T.The mode uses 2m block-cipher calls and no other complex or computationally expensive steps (such as universal hashing). Encryption and decryption are identical except that encryption uses the forward direction of the underlying block cipher and decryption uses the backwards direction. We suggest that EMD provides an attractive solution to the disk-sector encryption problem, where one wants to encipher the contents of an nm-bit disk sector in a way that depends on the sector index and is secure against chosen-plaintext/chosen-ciphertext attack. Key words: block-cipher usage, cryptographic standards, disk encryption, EMD mode, modes of operation, provable security, symmetric encryption. Note (added Feb 2003): the modes in this paper are wron
The EMD Mode of Operation (A Tweaked, Wide-Blocksize, Strong PRP)
No full textAbstract We describe a block-cipher mode of operation, EMD, that builds a strong pseudorandom per-mutation (PRP) on nm bits (m> = 2) out of a strong PRP on n bits (i.e., a block cipher). Theconstructed PRP is also tweaked (in the sense of [10]): to determine the nm-bit ciphertext block C = ETK(P) one provides, besides the key K and the nm-bit plaintext block P, an n-bit tweak T. Themode uses 2 m block-cipher calls and no other complex or computationally expensive steps (such asuniversal hashing). Encryption and decryption are identical except that encryption uses the forward direction of the underlying block cipher and decryption uses the backwards direction. We suggestthat EMD provides an attractive solution to the disk-sector encryption problem, where one wants to encipher the contents of an nm-bit disk sector in a way that depends on the sector index and issecure against chosen-plaintext/chosen-ciphertext attack
