论文信息 - An Attack on CFB Mode Encryption as Used by OpenPGP

An Attack on CFB Mode Encryption as Used by OpenPGP

This paper describes an adaptive chosen-ciphertext attack on the Cipher Feedback (CFB) mode of encryption as used in OpenPGP. In most circumstances it will allow an attacker to determine 16 bits of any block of plaintext with about 215 oracle queries for the initial setup work and 215 oracle queries for each block. Standard CFB mode encryption does not appear to be affected by this attack. It applies to a particular variation of CFB used by OpenPGP. In particular it exploits an ad-hoc integrity check feature in OpenPGP which was meant as a “quick check” to determine the correctness of the decrypting symmetric key.

Robert J. Zuccherato | Serge Mister | R. Zuccherato | S. Mister

[1] John Black,et al. Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption , 2002, USENIX Security Symposium.

[2] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[3] Jon Callas,et al. OpenPGP Message Format , 1998, RFC.

[4] David J. Goodman,et al. Personal Communications , 1994, Mobile Communications.

[5] Chris J. Mitchell,et al. Error Oracle Attacks on CBC Mode: Is There a Future for CBC Mode Encryption? , 2005, ISC.

[6] Kenneth G. Paterson,et al. Padding Oracle Attacks on CBC-Mode Encryption with Secret and Random IVs , 2005, FSE.

[7] Serge Vaudenay,et al. Password Interception in a SSL/TLS Channel , 2003, CRYPTO.

[8] Jonathan Katz,et al. Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG , 2002, ISC.

[9] Burton S. Kaliski,et al. PKCS #1: RSA Encryption Version 1.5 , 1998, RFC.

[10] Guan-Ting Chen,et al. Adaptive-CCA on OpenPGP Revisited , 2004, ICICS.

[11] Jonathan Katz,et al. A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols , 2000, USENIX Security Symposium.

[12] Daniel Bleichenbacher,et al. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.