An adaptive chosen-ciphertext attack (abbreviated CCA2) is an interactive form of chosen-ciphertext attack in which an attacker sends a number of ciphertexts to be decrypted, then uses the results of these decryptions to select subsequent ciphertexts. It is to be distinguished from an indifferent chosen-ciphertext attack (CCA1).
The goal of this attack is to gradually reveal information about an encrypted message, or about the decryption key itself. For public-key systems, adaptive chosen-ciphertext attacks are generally applicable only when the scheme has the property of ciphertext malleability: a ciphertext can be modified in specific ways that have a predictable effect on the decryption of that message.
Practical attacks
Adaptive chosen-ciphertext attacks were largely considered a theoretical concern until 1998, when Daniel Bleichenbacher of Bell Laboratories demonstrated a practical attack against systems using RSA encryption in concert with the PKCS #1 v1 encoding function, including a version of the Secure Sockets Layer (SSL) protocol used by thousands of web servers at the time.
The Bleichenbacher attack took advantage of flaws within the PKCS #1 encoding to gradually reveal the content of an RSA-encrypted message. Doing this requires sending several million test ciphertexts to the decryption device (e.g., an SSL-equipped web server). In practical terms, this means that an SSL session key could be exposed in a reasonable amount of time, perhaps a day or less.
Preventing attacks
In order to prevent adaptive chosen-ciphertext attacks, it is necessary to use an encryption or encoding scheme that limits ciphertext malleability. A number of encoding schemes have been proposed; the most common standard for RSA encryption is Optimal Asymmetric Encryption Padding (OAEP). Unlike ad hoc schemes such as the padding used in PKCS #1 v1, OAEP has been proven secure in the random oracle model.
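The following added example (not part of the original article) illustrates the two points above with textbook RSA in pure Python: first the malleability property, where multiplying a ciphertext by s^e changes the recovered plaintext predictably to m·s mod N, and then why a decoder must bind the plaintext to redundancy so that such a modified ciphertext is rejected. The key material and the simple redundancy encoding are constructed for this demonstration; the encoding is deliberately not OAEP, and the Mersenne-prime key exists only so the example runs offline.

```python
import hashlib
import hmac
from typing import Optional

# Toy RSA key, constructed for this example only. Mersenne primes are a poor
# choice for real keys, but they are certainly prime, so no prime generator is needed.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (Python 3.8+); gcd(E, PHI) == 1 here
K = (N.bit_length() + 7) // 8  # modulus size in bytes (27 for this toy key)
TAG_LEN = 8                    # bytes of redundancy appended to the message

def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)

def malleate(c: int, s: int) -> int:
    """Textbook RSA is multiplicatively homomorphic: E(m) * E(s) = E(m*s mod N).
    This is the ciphertext malleability the article refers to."""
    return (c * pow(s, E, N)) % N

def encode(msg: bytes) -> int:
    """Simple redundancy encoding (constructed, NOT OAEP): 0x01 || msg || tag."""
    if len(msg) + TAG_LEN + 1 > K:
        raise ValueError("message too long for the toy modulus")
    tag = hashlib.sha256(msg).digest()[:TAG_LEN]
    return int.from_bytes(b"\x01" + msg + tag, "big")

def decode(m: int) -> Optional[bytes]:
    """Return the message, or None on ANY defect. A real decoder must also ensure
    the accept/reject signal itself (timing, error codes) leaks nothing."""
    data = m.to_bytes(K, "big").lstrip(b"\x00")
    if len(data) < 1 + TAG_LEN or data[0] != 0x01:
        return None
    msg, tag = data[1:-TAG_LEN], data[-TAG_LEN:]
    if not hmac.compare_digest(tag, hashlib.sha256(msg).digest()[:TAG_LEN]):
        return None
    return msg

def malleability_effect(m: int = 12345, s: int = 3) -> bool:
    """Decrypting c * s^e yields exactly m * s mod N: a predictable change."""
    return rsa_decrypt(malleate(rsa_encrypt(m), s)) == (m * s) % N

def tampered_is_rejected(msg: bytes = b"toy session key"):
    """With redundancy, the same modification is detected; returns (good, bad)."""
    c = rsa_encrypt(encode(msg))
    return decode(rsa_decrypt(c)), decode(rsa_decrypt(malleate(c, 2)))
```

Rejecting the modified ciphertext is necessary but not sufficient: Bleichenbacher's attack exploited exactly the accept/reject signal of the PKCS #1 v1 check, which is why a proven scheme such as OAEP, combined with uniform error handling, is used in practice.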
References
★ Daniel Bleichenbacher, "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1", CRYPTO 1998, pp. 1–12.