Abstract
Kerckhoffs’ assumption states that an attacker must be assumed to have full knowledge of all the details of a cryptosystem except information about encryption/decryption keys upon which security of the cryptosystem rests entirely. In this paper we generalize the assumption to allow an attacker to have access to intermediate results during the computational process of cryptographic operations. We show that the generalized assumption models quite well such real world attacks as the “memory reconstruction attack” and the “memory core-dump attack” which may be mounted by computer forensic software or computer viruses. We further analyze a number of public key encryption schemes under the generalized Kerckhoffs’ assumption, and demonstrate that some of the schemes, although provably secure under some computational assumptions, may be broken if an attacker has access to intermediate results during a decryption operation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
M. Abe, “Securing “encryption + proof of knowledge” in the random oracle model”, Topics in Cryptology-CT-RSA 2002, volume 2271 of Lecture Notes in Computer Science, pages 277–289, Springer-Verlag, 2002. 240
R. Anderson, Invited lecture, Fourth ACM Conference on Computer and Communications Security, ACM, 1997. 231
J. Baek, B. Lee, and K. Kim, “Secure length-saving ElGamal encryption under the computational Diffie-Hellman assumption”, Information Security and Privacy (ACISP 2000), volume 1841 of Lecture Notes in Computer Science, pages 49–58, Springer-Verlag, 2000. 239, 240
M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations among notions of security for public-key encryption schemes”, Advances in Cryptology-CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 26–45, Springer-Verlag, 1998. 231
M. Bellare and S. Miner, “A forward-secure digital signature scheme”, Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 431–448, Springer-Verlag, 1999. 231
M. Bellare and P. Rogaway, “Random oracles are practical: A paradigm for designing efficient protocols”, First ACM Conference on Computer and Communications Security, pages 62–73, ACM Press, 1993. 234
[7]-M. Bellare and P. Rogaway, “Optimal asymmetric encryption”, Advances in Cryptology-EUROCRYPT’94, volume 950 of Lecture Notes in Computer Science, pages 92–111, Springer-Verlag, 1995. 234, 240
Bellcore Press Release, “New threat model breaks crypto codes”, Sept. 1996, http://www.bellcore.com/PRESS/ADVSRY96/facts.html/. 229, 233
D. Bleichenbacher, “A chosen ciphertext attack against protocols based on the RSA encryption standard PKCS #1”, Advances in Cryptology-CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 1–12, Springer-Verlag, 1998. 229
S. Burnett and S. Paine, “RSA Security’s official guide to cryptography”, RSA Press, 2001. 230
R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz, and A. Sahai, “Exposure-resilient functions and all-or-nothing-transforms”, Advances in Cryptology-Eurocrypt’ 00, volume 1807 of Lecture Notes in Computer Science, pages 453–469, Springer-Verlag, 2000. 231
J. S. Coron, H. Handshuch, M. Joye, P. Paillier, D. Pointcheval, and C. Tymen, “GEM: A generic chosen-ciphertext secure encryption method”, Topics in Cryptology-CT-RSA 2002, volume 2271 of Lecture Notes in Computer Science, pages 263–276, Springer-Verlag, 2002. 234
R. Cramer and V. Shoup, “A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack”, Advances in Cryptology-CRYPTO’ 98, volume 1462 of Lecture Notes in Computer Science, pages 13–25, Springer-Verlag, 1998. 234, 237, 240
G. Di Crescenzo, N. Ferguson, R. Impagliazzo, and M. Jakobsson, “How to forget a secret”, Annual Symposium on Theoretical Aspects of Computer Science, volume 1563 of Lecture Notes in Computer Science, pages 500–509, 1999. 232
Y. Dodis, J. Katz, S. Xu, and M. Yung, “Strong key-insulated signature schemes”, Unpublished Manuscript. 231
Y. Dodis, J. Katz, S. Xu, and M. Yung, “Key-insulated public key cryptosystems”, Advances in Cryptology-Eurocrypt’ 02, volume 2332 of Lecture Notes in Computer Science, pages 65–82, Springer-Verlag, 2002. 231
T. ElGamal, “A public key cryptosystems and a signature schemes based on discrete logarithms”, IEEE Transactions on Information Theory, IT-31(4):469–472, 1985. 238
E. Fujisaki and T. Okamoto, “How to enhance the security of public-key encryption at minimum cost”, Public Key Cryptography, volume 1560 of Lecture Notes in Computer Science, pages 53–68, Springer-Verlag, 1999. 234, 238, 240
E. Fujisaki and T. Okamoto, “Secure integration of asymmetric and symmetric encryption schemes”, Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 537–544, Springer-Verlag, 1999. 234, 238, 240
L. C. Guillou and J.-J. Quisquater, “A practical zero-knowledge protocol fitted to security microprocessor minimizing botht ransmission and memory”, Advances in Cryptology-EUROCRYPT’88, volume 330 of Lecture Notes in Computer Science, pages 123–128, Springer-Verlag, 1988.
M. Joye, J.-J. Quisquater, and M. Yung, “On the power of misbehaving adversaries”, Topics in Cryptology-CT-RSA 2001, volume 2020 of Lecture Notes in Computer Science, pages 208–222, Springer-Verlag, 2001. 229
A. Kerckhoffs, “La cryptographie militaire (Military Cryptography)”, Journal des sciences militaires, vol.IX, pages 5–83, Jan. 1883, pages 161–191, Feb. 1883. 227
S. Kim, J. H. Cheon, M. Joye, S. Lim, M. Mambo, D. Won, and Y. Zheng “Strong adaptive chosen-ciphertext attack with memory dump (Or: The importance of the order of decryption and validation)”, Eighth IMA Conference on Cryptography and Coding 2001, volume 2260 of Lecture Notes in Computer Science pages 114–127, Springer-Verlag, 2001. 230, 231, 232, 235
S. Kim, J. H. Cheon, M. Joye, S. Lim, M. Mambo, D. Won, and Y. Zheng, “Security analysis of “provably” secure cryptosystems under strong adaptive chosenciphertext attack”, Technical Report of IEICE, ISSN 0913-5685, ISEC2001-89, Vol.101, No.507, pages 17–24, 2001. 230, 231, 232, 235
P. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems”, Advances in Cryptology-CRYPTO’96, volume 1109 of Lecture Notes in Computer Science, pages 104–113, Springer-Verlag, 1996.
P. Kocher, J. Jaffe, and B. Jun, “Introduction to differential power analysis and related attacks”, 1998, http://www.cryptography.com/dpa/technical.
P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis”, Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 388–397, Springer-Verlag, 1999.
J. Manger, “A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS #1”, Advances in Cryptology-CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 230–238, Springer-Verlag, 2001. 229
M. Naor and M. Yung, “Public-key cryptosystems provably secure against chosen ciphertext attacks”, 22nd Annual ACM Symposium on Theory of Computing, pages 427–437, ACM Press, 1990. 229
T. Okamoto and D. Pointcheval, “REACT: Rapid enhanced-security asymmetric cryptosystem transform”, Topics in Cryptology-CT-RSA 2001, volume 2020 of Lecture Notes in Computer Science, pages 159–175, Springer-Verlag, 2001. 234, 240
R. Ostrovsky and M. Yung, “How to withstand mobile virus attacks”, Proceedings of the Tenth Annual ACM Symposium on Princiles of Distributed Computing-PODC’91, pages 51–59, ACM Press, 1991. 231
D. Pointcheval, “Chosen-ciphertext security for any one-way cryptosystem”, Public Key Cryptography, volume 1751 of Lecture Notes in Computer Science, pages 129–146, Springer-Verlag, 2000. 234, 239, 240
C. Rackoff and D. Simon, “Noninteractive zero-knowledge proof of knowledge and chosen ciphertext attack”, Advances in Cryptology-CRYPTO’91, volume 576 of Lecture Notes in Computer Science, pages 433–444, Springer-Verlag, 1992. 229
R. L. Rivest, A. Shamir, and L. M. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, 21(2):120–126, 1978. 238
C. P. Schnorr and M. Jakobsson, “Security of signed ElGamal encryption”, Advances in Cryptology-ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, pages 73–89, Springer-Verlag, 2000. 239, 240
Y. Tsiounis and M. Yung, “On the security of ElGamal-based encryption”, Public Key Cryptography, volume 1431 of Lecture Notes in Computer Science, pages 117–134, Springer-Verlag, 1998. 238, 240
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, S., Mambo, M., Zheng, Y. (2003). Rethinking Chosen-Ciphertext Security under Kerckhoffs’ Assumption. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_16
Download citation
DOI: https://doi.org/10.1007/3-540-36563-X_16
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00847-7
Online ISBN: 978-3-540-36563-1
eBook Packages: Springer Book Archive