Forgery attack on the RPC incremental unforgeable encryption scheme

Forgery attack on the RPC incremental unforgeable encryption scheme

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IEE Proceedings - Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

We describe a forgery attack on the RPC incremental unforgeable encryption scheme. The attack allows an adversary to forge a new ciphertext with probability 1/2 using 2r/2 incremental update queries, where r is the parameter of random values used in the RPC scheme and is at most half the block length of the block cipher used. However, the original analysis claimed that on the order of 2r queries would be needed. When applying the attack to the scheme using a block cipher with 128-bit block length and assuming r = 48 as suggested in the original article of the RPC scheme, the adversary can obtain a forgery with probability 1/2 after 224 update queries. Even in the case of 256-bit RPC scheme with r = 64, the required number of queries is only 232. We also propose two methods to strengthen the RPC scheme for defeating the proposed attack.


    1. 1)
      • Bellare, M., Goldreich, O., Goldwasser, S.: `Incremental cryptography: The case of hashing and signing', Proc. Advances in Cryptology–Crypto 94, August 1994, Santa Barbara, California, p. 216–233, LNCS 839.
    2. 2)
      • Bellare, M., Micciancio, D.: `A new paradigm for collision-free hashing: incrementality at reduced cost', Proc. Advances in Cryptology–Eurocrypt 97, May 1997, Konstanz, Germany, p. 163–192, LNCS 1233.
    3. 3)
      • Buonanno, E., Katz, J., Yung, M.: `Incremental unforgeable encryption', FSE 2001, April 2001, Yokohama, Japan, p. 109–124, LNCS 2355.
    4. 4)
      • Jutla, C.S.: `Encryption modes with almost free message integrity', Proc. Advances in Cryptology–EUROCRYPT 2001, May 2001, Innsbruck, Austria, p. 529–544, LNCS 2045.
    5. 5)
      • Katz, J., Yung, M.: `Unforgeable encryption and chosen ciphertext secure modes of operation', FSE 2000, April 2000, New York, NY, USA, p. 284–299, LNCS 1978.
    6. 6)
      • Bellare, M., Namprempre, C.: `Authenticated encryption: relations among notions and analysis of the generic composition paradigm', Proc. Advances in Cryptology–ASIACRYPT 2000, December 2000, Kyoto, JAPAN, p. 531–545, LNCS 1976.

Related content

This is a required field
Please enter a valid email address