On the security bounds of CMC, EME, EME(+) and EME* - Modes of operation
Since 2002, variants of two tweakable block cipher modes of operation, CMC and EME, have been presented by Halevi and Rogaway that are suitable for encryption of disk sectors. In this paper, we show that the security bounds given in their proofs are tight, and hence complement the security proofs of the designers. In particular, we show how to distinguish the CMC, EME, EME(+) and EME* modes from random tweakable permutations with negligible effort and 2^(n/2) chosen plaintexts, where n is the block size in bits. Further, we point out that both modes leak secret information via side-channel attacks (timing and power) due to the data-dependent internal multiplication operation.

| Main Authors: | Phan, R. C. W.; Goi, B. M. |
|---|---|
| Format: | Article |
| Published: | 2005 |
| Published in: | Information and Communications Security, Proceedings, 3783, pp. 136-146 (ISSN 0302-9743) |
| Subjects: | QA75.5-76.95 Electronic computers. Computer science |
| Online Access: | http://shdl.mmu.edu.my/2351/ |
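Why 2^(n/2) chosen plaintexts is the number that makes a bound "tight", as an added note rather than text from the paper: proofs of the Halevi-Rogaway type bound a distinguisher's advantage by a term of order $q^2/2^n$ (constants aside), where $q$ counts the $n$-bit blocks queried. The matching lower bound is the birthday argument. Among $q$ uniformly random $n$-bit values,

$$\Pr[\text{collision}] \;=\; 1 - \prod_{i=1}^{q-1}\Bigl(1 - \frac{i}{2^n}\Bigr) \;\approx\; 1 - e^{-q(q-1)/2^{n+1}},$$

so at $q = 2^{n/2}$ the probability is about $1 - e^{-1/2} \approx 0.39$. A distinguisher that detects such an internal collision therefore reaches constant advantage at $q \approx 2^{n/2}$, which is exactly the point where an upper bound of the form $c\,q^2/2^n$ stops being small. The two bounds meet up to a constant factor, which is what "tight" means here; for $n = 128$ this is roughly $2^{64}$ chosen plaintexts, out of reach as a practical attack on a disk but relevant to anyone tempted to run these modes with a 64-bit block cipher, where $2^{32}$ sectors is an afternoon of I/O.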
| id | mmu-2351 |
|---|---|
| institution | Multimedia University (MMU Institutional Repository) |
| format | Article (NonPeerReviewed) |
| publishDate | 2005 |
| citation | Phan, R. C. W. and Goi, B. M. (2005) On the security bounds of CMC, EME, EME(+) and EME* - Modes of operation. Information and Communications Security, Proceedings, 3783. pp. 136-146. ISSN 0302-9743 |
| topic | QA75.5-76.95 Electronic computers. Computer science |
| url | http://shdl.mmu.edu.my/2351/ |
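The side-channel remark in the abstract concerns the mask derivation shared by CMC and EME. Both modes (by their published definitions; the abstract itself only says "internal multiplication") multiply a block by 2 in GF(2^128) with reduction polynomial x^128 + x^7 + x^2 + x + 1, and the textbook implementation of that doubling branches on the top bit of the value being doubled. The block below is an added example, not code from the paper or from the Halevi-Rogaway reference implementations: it shows the branchy doubling together with the branch pattern it exposes, a branch-free version that produces identical masks, and how many bits of the secret mask L the pattern gives away over an m-block sector. The value of L and the sector length are constructed for the example (in EME, L is key-derived). Python integers are not constant-time in any real sense; the point is the control-flow structure, which carries over directly to a C implementation with fixed-width limbs.

```python
# Added example (not from the paper or from the Halevi-Rogaway reference code).
# CMC and EME derive their masks by multiplying a block by 2 in GF(2^128)
# with reduction polynomial x^128 + x^7 + x^2 + x + 1. The textbook version
# branches on the top bit of the value being doubled, which is the data
# dependence behind the timing/power leak the abstract refers to.

BLOCK_BITS = 128
MASK = (1 << BLOCK_BITS) - 1
MSB = 1 << (BLOCK_BITS - 1)
R = 0x87  # x^7 + x^2 + x + 1, the low part of the reduction polynomial


def double_branchy(x: int) -> tuple[int, bool]:
    """Textbook doubling: shift left and, if a carry fell out of the top bit,
    XOR in the reduction constant. Returns (2x, branch_taken) so the caller
    can see the value-dependent control flow that a timing or power trace
    exposes."""
    carry = bool(x & MSB)
    y = (x << 1) & MASK
    if carry:            # taken iff the top bit of x is 1
        y ^= R
    return y, carry


def double_ct(x: int) -> int:
    """Branch-free doubling: select the reduction constant with an arithmetic
    mask (0 or all-ones) instead of a conditional, so the sequence of
    operations does not depend on the value being doubled."""
    top = (x >> (BLOCK_BITS - 1)) & 1
    return ((x << 1) & MASK) ^ (R & -top)


def mask_schedule_branchy(L: int, m: int) -> tuple[list[int], list[bool]]:
    """Derive 2L, 4L, ..., 2^m L as EME does for an m-block sector, using the
    branchy doubling, and return the branch pattern alongside the masks."""
    masks, trace, cur = [], [], L
    for _ in range(m):
        cur, taken = double_branchy(cur)
        masks.append(cur)
        trace.append(taken)
    return masks, trace


def mask_schedule_ct(L: int, m: int) -> list[int]:
    """The same schedule with the branch-free doubling."""
    masks, cur = [], L
    for _ in range(m):
        cur = double_ct(cur)
        masks.append(cur)
    return masks


def leaked_top_bits(trace: list[bool]) -> int:
    """Reassemble what the branch pattern gives away. For the first 120
    doublings the reduction constant only ever touches bits below the top,
    so branch bit i is exactly bit (127 - i) of L: the pattern spells out the
    top len(trace) bits of the secret mask, returned here as an integer."""
    if len(trace) > 120:
        raise ValueError("beyond 120 doublings the reductions reach the top bit")
    v = 0
    for taken in trace:
        v = (v << 1) | int(taken)
    return v


if __name__ == "__main__":
    # Constructed sample mask; in EME it would be L = E_K(0^128), i.e. secret.
    L = 0x0123456789ABCDEF0123456789ABCDEF
    masks_b, trace = mask_schedule_branchy(L, 16)
    assert masks_b == mask_schedule_ct(L, 16)   # identical masks, no branches
    print("branch pattern:", "".join("1" if t else "0" for t in trace))
    print("top bits of L :", format(L, "0128b")[:16])
    print("recovered     :", hex(leaked_top_bits(trace)))
```

The schedule is the part worth hardening: a 4 KiB sector is 256 blocks, so one EME encryption performs the doubling 256 times in a row and a single trace of that run reads out the top 120 bits of L directly, with the remaining bits following from the known positions of the reductions. In C, `R & -top` becomes `R & (0 - (x[hi] >> 63))` on the high limb, with the carry between limbs propagated by shifts rather than by an `if`.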