Browse Prior Art Database

Masked Block Chaining Mode of Operation of a Block Cipher

IP.com Disclosure Number: IPCOM000118389D
Original Publication Date: 1997-Jan-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 8 page(s) / 286K

Publishing Venue

IBM

Related People

Coppersmith, D: AUTHOR [+3]

Abstract

Disclosed is a method for increasing the strength of Triple-DES to certain attacks. The method uses an unknown feedback quantity rather than a non-secret feedback. The cost for this increased security is that twice as many encryptions/decryptions are required. However, significant increased protection is obtained against the threat of dictionary attacks that exploit the 64-bit blocksize of the DES algorithm.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 20% of the total text.

Masked Block Chaining Mode of Operation of a Block Cipher

      Disclosed is a method for increasing the strength of Triple-DES
to certain attacks.  The method uses an unknown feedback quantity
rather than a non-secret feedback.  The cost for this increased
security is that  twice as many encryptions/decryptions are required.
However, significant  increased protection is obtained against the
threat of dictionary attacks  that exploit the 64-bit blocksize of
the DES algorithm.

      Exhaustive key search remains the fastest known attack against
the DES.  But improvements in technology, and therefore the potential
for faster key search machines, now pose a greater threat to the use
of the DES with a single key.  The use of triple encryption with
multiple keys is generally accepted as the best and most practical
method for increasing the strength of the DES against key search
attacks.  The American National Standards Institute (ANSI) committee
X9.F.1 is working  on developing a triple DES encryption standard as
X9.52.

      This invention describes a method for increasing the strength
of Triple DES to certain attacks.  The method uses an unknown
feedback quantity rather than a non-secret feedback.  The cost for
this increased security is that twice as many encryptions/decryptions
are required.  However, significant increased protection is obtained
against the threat of dictionary attacks that exploit the 64-bit
blocksize of the  DES algorithm.

      Triple DES with Outer Feedback

      ANSI X9.F.1 is considering a suite of modes of operation for
Triple DES.  One of these modes is termed CBC with outer feedback
(Fig. 1).

Triple DES Outer CBC has the following advantageous attributes:
  1.  The input and output blocksize is 64 bits, the same
       as normal DES.
  2.  It is backwards compatible in regard to single-key DES
       encryption.
      o  Using one key value for all three key inputs results
          in the same output as a single DES encryption.
  3.  It has limited error propagation.
      o  When one block of ciphertext is corrupted, this results
          in only 2 blocks of recovered plaintext being corrupted.
          This is known as the self-healing or self-synchronizing
          property of CBC encryption.
  4.  It is resistant to cryptanalytic key discovery attacks.
      o  Using 2 keys, if n is the number of known plaintext
          blocks, then the best known workfactor is 2**112/n.
      o  Using 3 keys, the best known workfactor is 2**112 with
          some known plaintext.  Having many known plaintext blocks
          does not appear to reduce this workfactor.

      However, any multiple-key CBC mode of operation with outer
feedback using a 64 bit blocksize has the following disadvantageous
security attributes:
  1.  It has the complementary property, which an atta...