Cryptanalysis of some recently-proposed multiple modes of operation

Abstract

In a paper cryptanalyzing many triple modes of operation, Biham proposed four new triple modes and five new quadruple modes of operation for DES. It was conjectured that the complexity (in a particular threat model) of breaking the triple modes is at least 2112 and that the quadruple modes are more secure than any triple mode. We present new attacks on all but one of the proposed modes. We can break all but two of Biham's proposed modes with at most 256 off-line trial encryptions and between 2 and 232 (depending upon the mode) chosen-IV chosen texts; another mode can be broken with somewhat more work. This raises questions about the suitability of the proposed modes, and provides further evidence for the fragility of inner chaining; however, we emphasize that our results do not disprove Biham's conjectures, as we rely on an extended attack model which admits more powerful adversaries who can mount chosen-IV queries, a capability denied to them in Biham's model.