【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 7870次   下载 6775 本文二维码信息
码上扫一扫!
BC加密模式的分析及其改进
郑凯燕,王鹏
分享到: 微信 更多
(中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093;中国科学院数据与通信保护研究教育中心, 北京 100093;中国科学院大学网络空间安全学院, 北京 100049)
摘要:
本文首次对国家标准GB/T 17964-2008中的BC加密模式进行了分析。在密文和随机串的不可区分(ROI-IND)的定义下,研究表明在常规的选择明文攻击下BC模式的机密性完全依赖于IV值的随机性;而在逐分组攻击(blockwise attack)下BC模式是不安全。因此,从具体应用角度来看,BC模式的实用性受限,例如其IV值不能作为Nonce使用,不能应用于在线消息处理场景,等等。针对这些问题,本文对BC加密模式进行了改进,提出了一种实用性更强的加密模式——基于Nonce的XBC模式,并证明了其在并发的逐分组适应的选择明文攻击下的机密性。
关键词:  BC加密模式  逐分组攻击  加密模式/工作模式  不可区分性  Nonce  选择明文攻击
DOI:10.19363/j.cnki.cn10-1380/tn.2017.07.004
投稿时间:2016-04-28修订日期:2017-03-24
基金项目:本课题得到国家自然科学基金(Nos.61272477,61472415)、国家重点基础研究发展(973)计划(No.2014CB340603)和中国科学院战略性先导科技专项(No.XDA06010702)资助。
The concrete security of BC mode and its improvement
ZHENG Kaiyan,WANG Peng
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
In this paper, we analyze the confidential security of the Block Chaining operation mode (BC mode) proposed in Chinese national standard GB/T 17964-2008. We define the real-or-ideal indistinguishability in the sense of distinguishing the ciphertext with random bits. Using this ROI-IND concept, we prove that: 1) the CPA-security of BC mode totally depends on the randomness of IV, suffering easily misuse in practical implementations; 2) BC mode can't resist the blockwise adptive attack, and fails to provide confidentiality in real on-line applications. To fix the defects of BC mode, we propose an improved encryption mode-nonce-respected XBC mode, which is proved to be confidential against the concurrent blockwise adaptive chosen plaintext attack. Compared to the original BC mode, this nonce-respected XBC mode is easier to correct use, even in on-line applications.
Key words:  block chaining operation mode  concurrent blockwise (adaptive) attack  encryption mode  indistinguishability  nonce  chosen plaintext attack