Strong adaptive chosen-ciphertext attacks with memory dump (or: The importance of the order of decryption and validation)

Seung-Joo Kim, Jung Hee Cheon, Marc Joye, Seongan Lim, Masahiro Mambo, Dongho Won, Yuliang Zheng

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

This paper presents a new type of powerful cryptanalytic attacks on public-key cryptosystems, extending the more commonly studied adaptive chosen-ciphertext attacks. In the new attacks, an adversary is not only allowed to submit to a decryption oracle (valid or invalid) ciphertexts of her choice, but also to emit a “dump query” prior to the completion of a decryption operation. The dump query returns intermediate results that have not been erased in the course of the decryption operation, thereby allowing the adversary to gain vital advantages in breaking the cryptosystem. We believe that the new attack model approximates more closely existing security systems. We examine its power by demonstrating that most existing public-key cryptosystems, including OAEP-RSA, are vulnerable to our extended attacks.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 114-127
Number of pages: 14
Volume: 2260
ISBN (Print): 3540430261, 9783540430261
Publication status: Published - 2001
Externally published: Yes
Event: 8th IMA International Conference on Cryptography and Coding, 2001 - Cirencester, United Kingdom
Duration: 2001 Dec 17 to 2001 Dec 19

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2260
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 8th IMA International Conference on Cryptography and Coding, 2001
Country: United Kingdom
City: Cirencester
Period: 01/12/17 to 01/12/19

Keywords

  • Chosen-ciphertext security
  • Ciphertext validity
  • ElGamal encryption
  • Encryption
  • OAEP-RSA
  • Provable security

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Kim, S-J., Cheon, J. H., Joye, M., Lim, S., Mambo, M., Won, D., & Zheng, Y. (2001). Strong adaptive chosen-ciphertext attacks with memory dump (or: The importance of the order of decryption and validation). In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2260, pp. 114-127). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2260). Springer Verlag.