Critical Weaknesses of iaPCBC

Niels Ferguson, Doug Whiting, John Kelsey, David Wagner

Unpublished manuscript.

Abstract

The iaPCBC scheme of Gligor and Donescu does not achieve its stated goal of secure authentication. A trivial attack of constant effort produces corrupted packets that are guaranteed not to be detected as such, for packets of sufficient (but practical) length. The existence of such simple attacks implies that the entire approach, including the so-called security "proofs", is fundamentally flawed.

Download

Zipped PostScript (43 kB)
PDF (125 kB)