Technical Report CS0928

Title: Cryptanalysis of the ANSI X9.52 CBCM Mode
Authors: Eli Biham, Lars R. Knudsen
Abstract: In this paper we cryptanalyze the proposed (almost accepted) ANSI X9.52 CBCM mode. The CBCM mode is a triple-DES CBC variant which was designed against powerful attacks which control intermediate feedbacks for the benefit of the attacker. For this purpose, it uses intermediate feedbacks that the attacker cannot control, choosing them as a keyed OFB stream, independent of the plaintexts and ciphertexts. The attack we describe finds a way to use even this kind of feedback for the benefit of the attacker. It requires a single chosen ciphertext of $2^{65}$ blocks and $2^{58}$ complexity of analysis. We also describe an adaptive known-IV related-key attack which find one of three 56-bit keys requiring one known plaintext encrypted under $2^{33}$ different but related keys with $2^{57}$ complexity of analysis.
CopyrightThe above paper is copyright by the Technion, Author(s), or others. Please contact the author(s) for more information

Remark: Any link to this technical report should be to this page (, rather than to the URL of the PDF files directly. The latter URLs may change without notice.

To the list of the CS technical reports of 1998
To the main CS technical reports page

Computer science department, Technion