Chosen Ciphertext Attack on SSS
Authors
Abstract
The stream cipher Self-Synchronizing Sober (SSS) is a candidate in the ECRYPT stream cipher competition. In this paper, we describe a chosen ciphertext attack on SSS. Our implementation of the attack recovers the entire secret state of SSS in around 10 seconds on a 2.8GHz PC, and requires a single chosen ciphertext of less than 10 kByte. The designers of SSS state that chosen ciphertext attacks were considered to fall outside of the threat model. Hence the relevance of such attacks is also discussed in this paper.
Similar resources
Chosen-Ciphertext Attacks Against MOSQUITO
Self-Synchronizing Stream Ciphers (SSSC) are a particular class of symmetric encryption algorithms, such that the resynchronization is automatic, in case of error during the transmission of the ciphertext. In this paper, we extend the scope of chosen-ciphertext attacks against SSSC. Previous work in this area includes the cryptanalysis of dedicated constructions, like KNOT, HBB or SSS. We go fur...
A Parallel Authenticated Encryption Sharing Scheme Based on Cellular Automata
Abstract— A multi-secret sharing scheme based on cellular automata has proven to be a secure encrypting algorithm, although it cannot guarantee data integrity and authenticity of the participants' shares, allowing a chosen ciphertext attack. In this work, to improve the security of the multiple secret sharing scheme (SSS) against adaptive chosen ciphertext attack, we introduce an authenticated e...
Adversary Model: Adaptive Chosen Ciphertext Attack with Timing Attack
We have introduced a novel adversary model in Chosen-Ciphertext Attack with Timing Attack (CCA2-TA) [1] and it was a practical model because the model incorporates the timing attack. This paper is an extended paper for “A Secure TFTP Protocol with Security Proofs” [1]. Keywords—Timing Attack, Random Oracle Model, Indistinguishability, Chosen Plaintext Attack, CPA, Chosen Ciphertext Attack, IND-C...
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol susceptible to our ...
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard
Abstract. This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol s...