0

It is not quite difficult to understand the idea of differential cryptanalysis applied to a standalone block cipher. The method investigates, how differences of plaintext evolve while going through rounds of the cipher.

But several sources mention the analysis of a block cipher in a mode of operation. But, for instance, "Differential Cryptanalysis of Data Encryption Standard" by Biham and Shamir just mentions, that DES in all standardized modes remains secure. The authors give no idea, how to perform such analysis.

The question is: what is the idea behind differential cryptanalysis of a block cipher in a mode of operation? There are no rounds involved, they are hidden in the cipher. So, what is the process, during which the differences evolution is investigated?

Georgy Firsov
  • 255
  • 1
  • 9
  • There are actually proofs of security for block cipher modes. Of course those assume that the block cipher itself is secure. At that point analyzing the mode of operation doesn't make much sense as the cipher itself is just a unaltered component, so assuming that the adversary already has a lot of power, the adversary won't gain anything from having the cipher in the mode of operation. – Maarten Bodewes Dec 10 '23 at 13:06
  • @MaartenBodewes provable security technique is widely spread, but has several limitations. I'm interested in other methods of block cipher modes analysis and found mentions of "classical" techniques applied to modes instantiated with a concrete block cipher. But I can't find any material to study. – Georgy Firsov Dec 10 '23 at 13:16
  • https://link.springer.com/article/10.1007/BF00630563 It is about chosen-ciphertext attack, that doesn't matter what kind of mode of operation you have! – kelalaka Dec 10 '23 at 13:52

0 Answers0