Abstract
EPOC-2 is a public-key cryptosystem that can be proved IND-CCA2 under the factoring assumption in the random oracle model. It was written into a standard specification P1363 of IEEE, and it has been a candidate of the public-key cryptosystem in several international standards (or portfolio) on cryptography, e.g. NESSIE, CRYPTREC, ISO, etc. In this paper we propose a chosen ciphertext attack against EPOC-2 from NESSIE by observing the timing of the reject signs from the decryption oracle. We construct an algorithm, which can factor the public modulus using the difference of the reject symbols. For random 384-bit primes, the modulus can be factored with probability at least 1/2 by invoking about 385 times to the decryption oracle.
© 2003 Springer-Verlag Berlin Heidelberg
Sakurai, K., Takagi, T. (2003). A Reject Timing Attack on an IND-CCA2 Public-Key Cryptosystem. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_25
DOI: https://doi.org/10.1007/3-540-36552-4_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00716-6
Online ISBN: 978-3-540-36552-5