引用本文
  • 郑凯燕,王鹏.BC加密模式的分析及其改进[J].信息安全学报,2017,2(3):61-78    [点击复制]
  • ZHENG Kaiyan,WANG Peng.The concrete security of BC mode and its improvement[J].Journal of Cyber Security,2017,2(3):61-78   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 7858次   下载 6759 本文二维码信息
码上扫一扫!
BC加密模式的分析及其改进
郑凯燕1,2,3, 王鹏1,2,3
0
(1.中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093;2.中国科学院数据与通信保护研究教育中心, 北京 100093;3.中国科学院大学网络空间安全学院, 北京 100049)
摘要:
本文首次对国家标准GB/T 17964-2008中的BC加密模式进行了分析。在密文和随机串的不可区分(ROI-IND)的定义下,研究表明在常规的选择明文攻击下BC模式的机密性完全依赖于IV值的随机性;而在逐分组攻击(blockwise attack)下BC模式是不安全。因此,从具体应用角度来看,BC模式的实用性受限,例如其IV值不能作为Nonce使用,不能应用于在线消息处理场景,等等。针对这些问题,本文对BC加密模式进行了改进,提出了一种实用性更强的加密模式——基于Nonce的XBC模式,并证明了其在并发的逐分组适应的选择明文攻击下的机密性。
关键词:  BC加密模式  逐分组攻击  加密模式/工作模式  不可区分性  Nonce  选择明文攻击
DOI:10.19363/j.cnki.cn10-1380/tn.2017.07.004
投稿时间:2016-04-28修订日期:2017-03-24
基金项目:本课题得到国家自然科学基金(Nos.61272477,61472415)、国家重点基础研究发展(973)计划(No.2014CB340603)和中国科学院战略性先导科技专项(No.XDA06010702)资助。
The concrete security of BC mode and its improvement
ZHENG Kaiyan1,2,3, WANG Peng1,2,3
(1.State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;2.Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China;3.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
In this paper, we analyze the confidential security of the Block Chaining operation mode (BC mode) proposed in Chinese national standard GB/T 17964-2008. We define the real-or-ideal indistinguishability in the sense of distinguishing the ciphertext with random bits. Using this ROI-IND concept, we prove that: 1) the CPA-security of BC mode totally depends on the randomness of IV, suffering easily misuse in practical implementations; 2) BC mode can't resist the blockwise adptive attack, and fails to provide confidentiality in real on-line applications. To fix the defects of BC mode, we propose an improved encryption mode-nonce-respected XBC mode, which is proved to be confidential against the concurrent blockwise adaptive chosen plaintext attack. Compared to the original BC mode, this nonce-respected XBC mode is easier to correct use, even in on-line applications.
Key words:  block chaining operation mode  concurrent blockwise (adaptive) attack  encryption mode  indistinguishability  nonce  chosen plaintext attack