
Rethinking Chosen-Ciphertext Security under Kerckhoffs’ Assumption

  • Conference paper
Topics in Cryptology — CT-RSA 2003 (CT-RSA 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2612)


Abstract

Kerckhoffs’ assumption states that an attacker must be assumed to know every detail of a cryptosystem except the encryption/decryption keys, on which the security of the cryptosystem rests entirely. In this paper we generalize the assumption so that the attacker may also obtain intermediate results produced during the computation of cryptographic operations. We show that the generalized assumption models real-world attacks such as the “memory reconstruction attack” and the “memory core-dump attack”, which may be mounted by computer forensic software or by computer viruses. We then analyze a number of public key encryption schemes under the generalized Kerckhoffs’ assumption and demonstrate that some of them, although provably secure under certain computational assumptions, can be broken if an attacker has access to intermediate results during a decryption operation.
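The threat model in the abstract can be made concrete with a small simulation, added here as an illustration and not taken from the paper: a decryption oracle that answers only accept/reject, alongside a "core dump" of the decryptor's local variables captured after each query. Two toy hybrid-ElGamal constructions (hypothetical; the abstract does not name the paper's own case studies) differ only in the order of decryption and validation. In scheme A the plaintext candidate is computed before the integrity check, so resubmitting the target ciphertext with a corrupted tag is rejected by the oracle yet leaves the target plaintext in the dump; in scheme B a public Schnorr proof of knowledge bound to the ciphertext is verified before the private key is used, so a rejected query leaves nothing key-derived behind. The group (p = 1019), the hash encoding and the function names are toy choices made for this example.

```python
"""Constructed toy model of the generalized Kerckhoffs' setting: a decryption
oracle that returns only accept/reject, plus a core dump of the decryptor's
working memory taken after each query. Hypothetical example written for this
page, not code from the paper; group and hash choices are illustrative only."""
import hashlib
import secrets

# Toy group: safe prime P = 2Q + 1, G = 2^2 generates the order-Q subgroup.
# Far too small for real use; chosen so the arithmetic stays readable.
P, Q, G = 1019, 509, 4

def H(label: bytes, *parts) -> bytes:
    """Domain-separated SHA-256 over ints and byte strings (toy encoding)."""
    enc = [label] + [str(v).encode() if isinstance(v, int) else v for v in parts]
    return hashlib.sha256(b"|".join(enc)).digest()

def xor(m: bytes, k: bytes) -> bytes:
    """One-time pad with the first len(m) bytes of k (m must be <= 32 bytes)."""
    return bytes(a ^ b for a, b in zip(m, k))

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key in [1, Q-1]
    return x, pow(G, x, P)                    # (x, y = G^x)

# --- Scheme A: recover the plaintext first, validate afterwards ---
def enc_a(y: int, m: bytes):
    r = secrets.randbelow(Q - 1) + 1
    c1, R = pow(G, r, P), pow(y, r, P)
    c2 = xor(m, H(b"kdf", R))
    return c1, c2, H(b"tag", R, c1, c2)

def dec_a(x: int, ct, dump: dict):
    """Writes every key-derived local into `dump` (the simulated core dump).
    Returns the plaintext, or None when the tag check fails."""
    c1, c2, tag = ct
    dump["R"] = R = pow(c1, x, P)             # shared secret, needs the key x
    dump["m"] = m = xor(c2, H(b"kdf", R))     # plaintext candidate exists before the check
    return m if H(b"tag", R, c1, c2) == tag else None

# --- Scheme B: public validity check before any use of the private key ---
# The ciphertext carries a Schnorr proof of knowledge of r, bound to (c1, c2).
def enc_b(y: int, m: bytes):
    r = secrets.randbelow(Q - 1) + 1
    c1, R = pow(G, r, P), pow(y, r, P)
    c2 = xor(m, H(b"kdf", R))
    w = secrets.randbelow(Q - 1) + 1
    a = pow(G, w, P)
    e = int.from_bytes(H(b"pok", c1, c2, a), "big") % Q
    return c1, c2, (a, (w + e * r) % Q)

def dec_b(x: int, ct, dump: dict):
    c1, c2, (a, s) = ct
    e = int.from_bytes(H(b"pok", c1, c2, a), "big") % Q
    if pow(G, s, P) != a * pow(c1, e, P) % P:  # G^s == a * c1^e iff the prover knew r
        return None                            # rejected; nothing key-derived was computed
    dump["R"] = R = pow(c1, x, P)
    dump["m"] = m = xor(c2, H(b"kdf", R))
    return m

def dump_attack_a(oracle, target):
    """Resubmit the target with a garbage tag (a different ciphertext, hence a
    legal CCA2 query). The oracle answers 'reject', but the dump holds m*."""
    c1, c2, _ = target
    dump = {}
    oracle((c1, c2, bytes(32)), dump)
    return dump.get("m")

def dump_attack_b(oracle, target):
    """Same against scheme B with a corrupted proof: s+1 never verifies since
    G != 1, so validation fails before the key is touched and the dump is empty."""
    c1, c2, (a, s) = target
    dump = {}
    oracle((c1, c2, (a, (s + 1) % Q)), dump)
    return dump.get("m")

if __name__ == "__main__":
    x, y = keygen()
    m = b"attack at dawn"
    print("scheme A, leaked from dump:", dump_attack_a(lambda c, d: dec_a(x, c, d), enc_a(y, m)))
    print("scheme B, leaked from dump:", dump_attack_b(lambda c, d: dec_b(x, c, d), enc_b(y, m)))
```

The point for a practitioner is what the decryptor computes before it decides to reject, not the particular schemes: a validity check that itself needs the shared secret (re-encrypt-and-compare, or a MAC keyed from R) does not help in this model, because a mauled ciphertext still forces R and the plaintext candidate into memory before the check runs. Only a check on public data, performed before the private key is used, keeps the dump clean. In the toy group a forged Schnorr proof verifies with probability 1/q, which is noticeable at q = 509 and negligible at real parameters.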


Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

Cite this paper

Kim, S., Mambo, M., Zheng, Y. (2003). Rethinking Chosen-Ciphertext Security under Kerckhoffs’ Assumption. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_16

  • DOI: https://doi.org/10.1007/3-540-36563-X_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00847-7

  • Online ISBN: 978-3-540-36563-1
