Rethinking chosen-ciphertext security under Kerckhoffs' assumption

Seung-Joo Kim, Masahiro Mambo, Yuliang Zheng

Research output: Contribution to journal › Article

Abstract

Kerckhoffs' assumption states that an attacker must be assumed to have full knowledge of all the details of a cryptosystem except information about the encryption/decryption keys, upon which the security of the cryptosystem rests entirely. In this paper we generalize the assumption to allow an attacker to have access to intermediate results during the computational process of cryptographic operations. We show that the generalized assumption models quite well such real-world attacks as the "memory reconstruction attack" and the "memory core-dump attack", which may be mounted by computer forensic software or computer viruses. We further analyze a number of public key encryption schemes under the generalized Kerckhoffs' assumption, and demonstrate that some of the schemes, although provably secure under some computational assumptions, may be broken if an attacker has access to intermediate results during a decryption operation.

Original language: English
Pages (from-to): 227-243
Number of pages: 17
Journal: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2612
Publication status: Published - 2003 Dec 1
Externally published: Yes

Fingerprint

Chosen-ciphertext Security
Computer Security
Cryptography
Software
Cryptosystem
Computer forensics
Computer viruses
Data storage equipment
Attack
Computer Virus
Public Key Encryption
Encryption
Generalise
Demonstrate

Keywords

  • Chosen-ciphertext security
  • Kerckhoffs' assumption
  • Provable security

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

@article{b948fa04874041d7a32a4f5a70f10bf6,
title = "Rethinking chosen-ciphertext security under Kerckhoffs' assumption",
abstract = "Kerckhoffs' assumption states that an attacker must be assumed to have full knowledge of all the details of a cryptosystem except information about the encryption/decryption keys, upon which the security of the cryptosystem rests entirely. In this paper we generalize the assumption to allow an attacker to have access to intermediate results during the computational process of cryptographic operations. We show that the generalized assumption models quite well such real-world attacks as the {"}memory reconstruction attack{"} and the {"}memory core-dump attack{"}, which may be mounted by computer forensic software or computer viruses. We further analyze a number of public key encryption schemes under the generalized Kerckhoffs' assumption, and demonstrate that some of the schemes, although provably secure under some computational assumptions, may be broken if an attacker has access to intermediate results during a decryption operation.",
keywords = "Chosen-ciphertext security, Kerckhoffs' assumption, Provable security",
author = "Seung-Joo Kim and Masahiro Mambo and Yuliang Zheng",
year = "2003",
month = "12",
day = "1",
language = "English",
volume = "2612",
pages = "227--243",
journal = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
issn = "0302-9743",
publisher = "Springer Verlag",
}

TY - JOUR

T1 - Rethinking chosen-ciphertext security under Kerckhoffs' assumption

AU - Kim, Seung-Joo

AU - Mambo, Masahiro

AU - Zheng, Yuliang

PY - 2003/12/1

Y1 - 2003/12/1

N2 - Kerckhoffs' assumption states that an attacker must be assumed to have full knowledge of all the details of a cryptosystem except information about the encryption/decryption keys, upon which the security of the cryptosystem rests entirely. In this paper we generalize the assumption to allow an attacker to have access to intermediate results during the computational process of cryptographic operations. We show that the generalized assumption models quite well such real-world attacks as the "memory reconstruction attack" and the "memory core-dump attack", which may be mounted by computer forensic software or computer viruses. We further analyze a number of public key encryption schemes under the generalized Kerckhoffs' assumption, and demonstrate that some of the schemes, although provably secure under some computational assumptions, may be broken if an attacker has access to intermediate results during a decryption operation.

AB - Kerckhoffs' assumption states that an attacker must be assumed to have full knowledge of all the details of a cryptosystem except information about the encryption/decryption keys, upon which the security of the cryptosystem rests entirely. In this paper we generalize the assumption to allow an attacker to have access to intermediate results during the computational process of cryptographic operations. We show that the generalized assumption models quite well such real-world attacks as the "memory reconstruction attack" and the "memory core-dump attack", which may be mounted by computer forensic software or computer viruses. We further analyze a number of public key encryption schemes under the generalized Kerckhoffs' assumption, and demonstrate that some of the schemes, although provably secure under some computational assumptions, may be broken if an attacker has access to intermediate results during a decryption operation.

KW - Chosen-ciphertext security

KW - Kerckhoffs' assumption

KW - Provable security

UR - http://www.scopus.com/inward/record.url?scp=35248831606&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35248831606&partnerID=8YFLogxK

M3 - Article

VL - 2612

SP - 227

EP - 243

JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SN - 0302-9743

ER -