A control vector is a data structure that specifies the nature and rol
e of an associated cryptographic key. The control vector is checked by
software and cryptographic hardware in order to limit the range of pe
rmissible operations to be undertaken with ciphertext produced with th
e key. The linking of the control vector and cryptographic key is such
that attempts to modify, or substitute, control vectors will cause th
e subsequent processing to operate with a corrupted key, and hence ens
ure protection of data encrypted with the genuine key. A potential att
ack on the control vector approach is described in which the complemen
t of the control vector is substituted. The manner in which such attac
ks are thwarted by the IBM implementation of control vectors is also d
escribed.