International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 30 October 2014

Kenneth G. Paterson, Mario Strefler
ePrint Report ePrint Report
The HIVE hidden volume encryption system was proposed by Blass et al. at ACM-CCS 2014. Even though HIVE has a security proof, this paper demonstrates an attack on its implementation that breaks the main security property claimed for the system by its authors, namely plausible hiding against arbitrary-access adversaries. Our attack is possible because of HIVE\'s reliance on the RC4 stream cipher to fill unused blocks with pseudorandom data. While the attack can be easily eliminated by using a better pseudorandom generator, it serves as an example of why RC4 should be avoided in all new applications and a reminder that one has to be careful when instantiating primitives.

Expand

Additional news items may be found on the IACR news page.