Results 1 - 10 of 560
Keywords: Cipher Block Chaining, Adaptive Chosen Plaintext Attack, Input-Output Masked CBC
"... Abstract: In the literature, several encryption modes of operation based on cipher block chaining (CBC) have been proven to be secure under non-adaptive chosen plaintext attack (CPA1) in the left-or-right (LOR) or find-then-guess (FTG) security models. However, it was shown by Joux et al. at Crypto ..."
Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions
ASIACRYPT'07, 2007
"... Unbalanced Feistel schemes with expanding functions are used to construct pseudorandom permutations from kn bits to kn bits by using random functions from n bits to (k − 1)n bits. At each round, all the bits except n bits are changed by using a function that depends only on these n bits. C.S.Jutla ..."
Cited by 3 (0 self)
.S.Jutla [6] investigated such schemes, which he denotes by F^d_k, where d is the number of rounds. In this paper, we describe novel Known Plaintext Attacks (KPA) and Non Adaptive Chosen Plaintext Attacks (CPA1) against these schemes. With these attacks we will often be able to improve the result of C
Differential Attacks on Generalized Feistel Schemes
"... Abstract. While generic attacks on classical Feistel schemes and unbalanced Feistel schemes have been studied a lot, generic attacks on several generalized Feistel schemes like type-1, type-2 and type-3 and Alternating Feistel schemes, as defined in [6], have not been systematically investigated. Th ..."
. This is the aim of this paper. We give our best Known Plaintext Attacks and non-adaptive Chosen Plaintext Attacks on these schemes and we determine the maximum number of rounds that we can attack. It is interesting to have generic attacks since there are well known block cipher networks that use generalized
Relations among notions of security for public-key encryption schemes
1998
"... Abstract. We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove e ..."
Cited by 517 (69 self)
Luby-Rackoff ciphers from weak round functions
In EUROCRYPT, 2006
"... Abstract. The Feistel-network is a popular structure underlying many block-ciphers where the cipher is constructed from many simpler rounds, each defined by some function which is derived from the secret key. Luby and Rackoff showed that the three-round Feistel-network – each round instantiated with ..."
Cited by 2 (1 self)
– far from being pseudorandom. We investigate the security of the Feistel-network against CPA distinguishers when the only security guarantee we have for the round functions is that they are secure against non-adaptive chosen plaintext attacks (nCPA). We show that in the information-theoretic setting
Non-Malleable Cryptography
SIAM Journal on Computing, 2000
"... The notion of non-malleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. ..."
Cited by 480 (20 self)
Generic Attacks on Misty Schemes - 5 rounds is not enough
"... Abstract. Misty schemes are classic cryptographic schemes used to construct pseudorandom permutations from 2n bits to 2n bits by using d pseudorandom permutations from n bits to n bits. These d permutations will be called the “internal” permutations, and d is the number of rounds of the Misty sch ..."
when the internal permutations do not have special properties, or are randomly chosen. We describe known plaintext attacks (KPA), non-adaptive chosen plaintext attacks (CPA1) and adaptive chosen plaintext and ciphertext attacks (CPCA2) against these schemes. Some of these attacks were previously
Generic attacks on Alternating Unbalanced Feistel Schemes
"... Abstract. Generic attacks against classical (balanced) Feistel schemes, unbalanced Feistel schemes with contracting functions and unbalanced Feistel schemes with expanding functions have been studied in [12], [4], [15], [16]. In this paper we study schemes where we use alternatively contracting rand ..."
)n bits to n bits. We describe the best generic attacks we have found. We present “known plaintext attacks” (KPA) and “non-adaptive chosen plaintext attacks” (CPA1). Let d be the number of rounds. We show that if d ≤ k, there are CPA1 with 2 messages and KPA with m the number of messages about 2 (d
Vulnerability of SSL to Chosen-Plaintext Attack
2004
"... The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC) mode of encryption which requires an initialization vector (IV) in order to encryp ..."
Cited by 16 (1 self)
to encrypt. Although the initial IV used by SSL is a (pseudo)random string which is generated and shared during the initial handshake phase, subsequent IVs used by SSL are chosen in a deterministic, predictable pattern; in particular, the IV of a message is taken to be the final ciphertext block
Modes of Encryption Secure against Blockwise-Adaptive Chosen-Plaintext Attack
2006
"... Blockwise-adaptive chosen-plaintext and chosen-ciphertext attack are new models for cryptanalytic adversaries, first discovered by Joux, et al [JMV02], and describe a vulnerability in SSH discovered by Bellare, et al [BKN02]. Unlike traditional chosen-plaintext (CPA) or chosen-ciphertext (CCA) ad ..."
) adversaries, the blockwise adversary can submit individual blocks for encryption or decryption rather than entire messages. This paper focuses on the search for online encryption schemes which are resistant to blockwise-adaptive chosen-plaintext attack. We prove that one oracle query with non-equal inputs