Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption
Proceedings of the 11th USENIX Security Symposium
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
ISC '02 Proceedings of the 5th International Conference on Information Security
A chosen ciphertext attack against several e-mail encryption protocols
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Padding oracle attacks on CBC-Mode encryption with secret and random IVs
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Error oracle attacks on CBC mode: is there a future for CBC mode encryption?
ISC'05 Proceedings of the 8th international conference on Information Security
| Hi-index | 0.00 |
This paper describes an adaptive chosen-ciphertext attack on the Cipher Feedback (CFB) mode of encryption as used in OpenPGP. In most circumstances it will allow an attacker to determine 16 bits of any block of plaintext with about 215 oracle queries for the initial setup work and 215 oracle queries for each block. Standard CFB mode encryption does not appear to be affected by this attack. It applies to a particular variation of CFB used by OpenPGP. In particular it exploits an ad-hoc integrity check feature in OpenPGP which was meant as a “quick check” to determine the correctness of the decrypting symmetric key.