Error oracle attacks on several modes of operation

Abstract

In [7] Vaudenay demonstrated side-channel attacks on CBC-mode encryption, exploiting a "valid padding" oracle. His work showed that several uses of CBC-mode encryption in well-known products and standards were vulnerable to attack when an adversary was able to distinguish between valid and invalid ciphertexts. In [2] [5] [6], Black, Paterson,Taekeon et al.generalized these attacks to various padding schemes of CBC-mode encryption and multiple modes of operation. In this paper, we study side-channel attacks on the CFB, CBC|CBC, CFB|CFB, CBC|CBC|CBC, CFB|CFB|CFB modes under the error oracle models, which enable an adversary to determine the correct message with knowledge of ciphertext. It is shown that an attacker can exploit an oracle to efficiently extract the corresponding position plaintext bits of any block if the target plaintext contains some fixed bits in a known position of one block. © Springer-Verlag Berlin Heidelberg 2005.