Rethinking chosen-ciphertext security under Kerckhoffs' assumption

Seung-Joo Kim, Masahiro Mambo, Yuliang Zheng

Research output: Contribution to journalArticle


Kerckhoffs' assumption states that an attacker must be assumed to have full knowledge of all the details of a cryptosystem except information about encryption/decryption keys upon which security of the cryptosystem rests entirely. In this paper we generalize the assumption to allow an attacker to have access to intermediate results during the computational process of cryptographic operations. We show that the generalized assumption models quite well such real world attacks as the "memory reconstruction attack" and the "memory core-dump attackwhich may be mounted by computer forensic software or computer viruses. We further analyze a number of public key encryption schemes under the generalized Kerckhoffs' assumption, and demonstrate that some of the schemes, although provably secure under some computational assumptions, may be broken if an attacker has access to intermediate results during a decryption operation.

Original languageEnglish
Pages (from-to)227-243
Number of pages17
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publication statusPublished - 2003 Dec 1
Externally publishedYes



  • Chosen-ciphertext security
  • Kerckhoffs' assumption
  • Provable security

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this