Chosen ciphertext attack is a scenario in which the attacker has the ability to choose ciphertexts C i and to view their corresponding decryptions—plaintexts P i . It is essentially the same scenario as a chosen plaintext attack but applied to a decryption function, instead of the encryption function. The attack is considered to be less practical in real life situations than chosen plaintext attacks. However, there is no direct correspondence between complexities of chosen plaintext and chosen ciphertext attacks. A cipher may be vulnerable to one attack but not to the other attack or the other way around. Chosen ciphertext attack is a very important scenario in public key cryptography, where known plaintext and even chosen plaintext scenarios are always available to the attacker due to publicly known encryption key. For example, the RSA public-key encryption system is not secure against adaptive chosen ciphertext attack [1].
This is a preview of subscription content, log in via an institution to check access.
References
Bleichenbacher. D. (1988 “Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1.” Advances in Cryptology—CRYPTO'98, Lecture Notes in Computer Science, vol. 1462, ed. H. Krawczyk. Springer, Berlin, 1–12.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this entry
Cite this entry
Biryukov, A. (2005). Chosen Ciphertext Attack. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA . https://doi.org/10.1007/0-387-23483-7_59
Download citation
DOI: https://doi.org/10.1007/0-387-23483-7_59
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0
eBook Packages: Computer ScienceReference Module Computer Science and Engineering