A chosen ciphertext attack against several e-mail encryption protocols

Authors:
Jonathan Katz;Bruce Schneier
Affiliations:
Department of Computer Science, Columbia University;Counterpane Internet Security, Inc.
Venue:
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Year:
2000

Citing 7
Cited 4

The official PGP user's guide

The official PGP user's guide
Complete characterization of security notions for probabilistic private-key encryption

STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
PGP: Pretty Good Privacy

PGP: Pretty Good Privacy
Reaction Attacks against several Public-Key Cryptosystems

ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology

Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG

ISC '02 Proceedings of the 5th International Conference on Information Security
Attacking and repairing the winZip encryption scheme

Proceedings of the 11th ACM conference on Computer and communications security
An attack on CFB mode encryption as used by OpenPGP

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

Several security protocols (PGP, PEM, MOSS, S/MIME, PKCS#7, CMS, etc.) have been developed to provide confidentiality and authentication of electronic mail. These protocols are widely used and trusted for private communication over the Internet. We point out a potentially serous security hole in these protocols: any encrypted e-mail can be decrypted using a one-message, adaptive chosen-ciphertext attack which exploits the structure of the block cipher chaining models used. Although such attacks seem to be of primarily theoretical interest, we argue that they are feasible in the networked systems in which these e-mail protocols are used. We suggest several solutions to protect against this class of attack.