Cryptanalysis of the ANSI X9.52 CBCM mode

Abstract

In this paper we cryptanalyze the CBCM mode of operation, which was almost included in the ANSI X9.52 Triple-DES Modes of Operation standard. The CBCM mode is a Triple-DES CBC variant which was designed against powerful attacks which control intermediate feedback for the benefit of the attacker. For this purpose, it uses intermediate feedbacks that the attacker cannot control, choosing them as a keyed OFB stream, independent of the plaintexts and the ciphertexts. In this paper we find a way to use even this kind of feedback for the benefit of the attacker, and we present an attack which requires a single chosen ciphertext of 265- blocks which needs to be stored and 259 complexity of analysis (CBCM encryptions) to find the key with a high probability. As a consequence of our attack, ANSI decided to remove the CBCM mode from the proposed standard. © 2002 International Association for Cryptologic Research.