
Strong Adaptive Chosen-Ciphertext Attacks with Memory Dump (or: The Importance of the Order of Decryption and Validation)

  • Conference paper
  • Cryptography and Coding (Cryptography and Coding 2001)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2260)

Abstract

This paper presents a new type of powerful cryptanalytic attack on public-key cryptosystems, extending the more commonly studied adaptive chosen-ciphertext attacks. In the new attacks, an adversary is not only allowed to submit ciphertexts of her choice (valid or invalid) to a decryption oracle, but also to issue a “dump query” before a decryption operation has completed. The dump query returns the intermediate results that have not yet been erased in the course of the decryption operation, thereby giving the adversary a vital advantage in breaking the cryptosystem.

We believe that the new attack model more closely approximates existing security systems. We examine its power by demonstrating that most existing public-key cryptosystems, including OAEP-RSA, are vulnerable to our extended attacks.



Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

Cite this paper

Kim, S. et al. (2001). Strong Adaptive Chosen-Ciphertext Attacks with Memory Dump (or: The Importance of the Order of Decryption and Validation). In: Honary, B. (ed.) Cryptography and Coding. Cryptography and Coding 2001. Lecture Notes in Computer Science, vol 2260. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45325-3_11

  • DOI: https://doi.org/10.1007/3-540-45325-3_11
  • Publisher Name: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-540-43026-1
  • Online ISBN: 978-3-540-45325-3