This paper presents the first analysis of the BC (Block Chaining) encryption mode specified in Chinese national standard GB/T 17964-2008. Under the definition of indistinguishability between ciphertext and a random string (ROI-IND), the study shows that under conventional chosen-plaintext attack the confidentiality of BC mode depends entirely on the randomness of the IV, and that under a blockwise attack BC mode is insecure. Consequently, from the standpoint of practical application, the usability of BC mode is limited: for example, its IV cannot be used as a nonce, and the mode cannot be applied to on-line message processing scenarios. To address these problems, this paper improves the BC encryption mode and proposes a more practical encryption mode, the nonce-based XBC mode, and proves its confidentiality under concurrent blockwise adaptive chosen-plaintext attack.
In this paper, we analyze the confidentiality of the Block Chaining operation mode (BC mode) specified in the Chinese national standard GB/T 17964-2008. We define real-or-ideal indistinguishability (ROI-IND) in the sense of distinguishing the ciphertext from random bits. Using this ROI-IND notion, we prove that: 1) the CPA-security of BC mode depends entirely on the randomness of the IV, which makes it easy to misuse in practical implementations; 2) BC mode cannot resist the blockwise adaptive attack, and therefore fails to provide confidentiality in real on-line applications. To fix these defects of BC mode, we propose an improved encryption mode, the nonce-respecting XBC mode, which is proved to be confidential against the concurrent blockwise adaptive chosen-plaintext attack. Compared to the original BC mode, the nonce-respecting XBC mode is easier to use correctly, even in on-line applications.