Adaptive Chosen Ciphertext Attack

An adaptive chosen ciphertext attack is an interactive form of chosen ciphertext attack in which an attacker sends a number of ciphertexts to be decrypted, then uses the results of these decryptions to select subsequent ciphertexts. The goal of this attack is to gradually reveal information about an encrypted message, or about the decryption key itself. For public-key systems, adaptive chosen ciphertext attacks are generally applicable only when the scheme has the property of ciphertext malleability: that is, a ciphertext can be modified in specific ways that will have a predictable effect on the decryption of that message.

Practical attacks

Adaptive chosen ciphertext attacks were largely considered to be a theoretical concern until 1998, when Daniel Bleichenbacher of Bell Laboratories demonstrated a practical attack against systems using RSA encryption in concert with the PKCS #1 v1 encoding function, including a version of the Secure Sockets Layer (SSL) protocol used by thousands of web servers at the time. The Bleichenbacher attacks took advantage of flaws within the PKCS #1 function to gradually reveal the content of an RSA-encrypted message. Doing this requires sending several million test ciphertexts to the decryption device (e.g., an SSL-equipped web server). In practical terms, this means that an SSL session key can be exposed in a reasonable amount of time, perhaps a day or less.

Preventing attacks

To prevent adaptive chosen ciphertext attacks, it is necessary to use an encryption or encoding scheme that limits ciphertext malleability. A number of encoding schemes have been proposed; the most common standard for RSA encryption is Optimal Asymmetric Encryption Padding (OAEP). Unlike ad hoc schemes such as the padding used in PKCS #1 v1, OAEP is provably secure under the random oracle model. Any cryptographic system that is plaintext-aware is secure against adaptive chosen ciphertext attack.

References

  • Daniel Bleichenbacher, "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1", CRYPTO 1998, pp. 1–12.

 
