IOC - An attack with chosen plaintext


Paul Bottinelli, Reza Reyhanitabar and Serge Vaudenay, from the École Polytechnique Fédérale de Lausanne, have identified a weakness in IOC (one that is quite obvious now): when the plaintext is composed of null blocks (i.e. Pi = 0), the combination of xor and '+' reduces to a plain combination of '+' additions, so the cryptogram blocks can be shuffled and combined to build fake cryptograms that go undetected and decrypt to non-null plaintext.

Their work will be presented at the next Africacrypt.

Congratulations to the three of them!

I admit that IOC was quite naive in this aspect but, you know, the best lessons always come from past mistakes! Therefore, Paul, Reza and Serge, my congratulations and sincere thanks. If you ever pass by Barcelona I'll be glad to pay for a beer on some terrace by the beach!
