摘要
本文首次对国家标准GB/T 17964-2008中的BC加密模式进行了分析。在密文和随机串的不可区分(ROI-IND)的定义下,研究表明在常规的选择明文攻击下BC模式的机密性完全依赖于IV值的随机性;而在逐分组攻击(blockwise attack)下BC模式是不安全。因此,从具体应用角度来看,BC模式的实用性受限,例如其IV值不能作为Nonce使用,不能应用于在线消息处理场景,等等。针对这些问题,本文对BC加密模式进行了改进,提出了一种实用性更强的加密模式——基于Nonce的XBC模式,并证明了其在并发的逐分组适应的选择明文攻击下的机密性。
In this paper, we analyze the confidential security of the Block Chaining operation mode (BC mode) proposed in Chinese national standard GB/T 17964-2008. We define the real-or-ideal indistinguishability in the sense of distin- guishing the ciphertext with random bits. Using this ROI-IND concept, we prove that: 1) the CPA-security of BC mode totally depends on the randomness of IV, suffering easily misuse in practical implementations; 2) BC mode can't resist the blockwise adptive attack, and fails to provide confidentiality in real on-line applications. To fix the defects of BC mode, we propose an improved encryption mode - nonce-respected XBC mode, which is proved to be confidential against the concurrent blockwise adaptive chosen plaintext attack. Compared to the original BC mode, this nonce-respected XBC mode is easier to correct use, even in on-line applications.
作者
郑凯燕
王鹏
ZHENG Kaiyan WANG Peng(State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
出处
《信息安全学报》
CSCD
2017年第3期61-78,共18页
Journal of Cyber Security
基金
国家自然科学基金(Nos.61272477
61472415)
国家重点基础研究发展(973)计划(No.2014CB340603)
中国科学院战略性先导科技专项(No.XDA06010702)资助
关键词
BC加密模式
逐分组攻击
加密模式/工作模式
不可区分性
Nonce
选择明文攻击
block chaining operation mode
concurrent blockwise (adaptive) attack
encryption mode
indistinguishabil- ity
nonce
chosen plaintext attack
