Symmetric Nonce Respecting Security Model and the MEM Mode of Operation

  • Peng Wang
  • Dengguo Feng
  • Wenling Wu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4329)


The MEM mode is a nonce-based encryption mode of operation proposed by Chakraborty and Sarkar, which was claimed to be secure against symmetric nonce respecting adversaries. We first compare this security model with two similar models and then show that MEM is not secure under symmetric respecting attacks. One attack needs one decryption and one encryption queries, and the other only needs one encryption query.


Blockcipher tweakable blockcipher modes of operation nonce-based encryption security model 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Chakraborty, D., Sarkar, P.: A new mode of encryption secure against symmetric nonce respecting adversaries. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 293–309. Springer, Heidelberg (2006); Cryptology ePrint Archive, Report 2006/062 (2006), CrossRefGoogle Scholar
  3. 3.
    Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Joux, A.: Cryptanalysis of the EMD mode of operation. In: Knudsen, L.R. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 1–16. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Kohno, T., Viega, J., Whiting, D.: CWC: A high-performance conventional authenticated encryption mode. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 408–426. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    McGrew, D.A., Viega, J.: The security and performance of the galois/counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Rogaway, P.: The EMD mode of operation (tweaked, wide-blocksize, strong PRP) (2002),
  10. 10.
    Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348–359. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryptiona. In: Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 196–205 (2001)Google Scholar
  13. 13.
    Wang, P., Feng, D., Wu, W.: HCTR: A variable-input-length enciphering mode. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 175–188. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Peng Wang
    • 1
  • Dengguo Feng
    • 1
    • 2
  • Wenling Wu
    • 2
  1. 1.Graduate School of Chinese Academy of SciencesState Key Laboratory of Information SecurityBeijingChina
  2. 2.State Key Laboratory of Information SecurityInstitution of Software of Chinese Academy of SciencesBeijingChina

Personalised recommendations