Abstract
This paper describes an adaptive chosen-ciphertext attack on the Cipher Feedback (CFB) mode of encryption as used in OpenPGP. In most circumstances it allows an attacker to determine 16 bits of any block of plaintext with about 2^15 oracle queries for the initial setup work and 2^15 oracle queries for each block. Standard CFB mode encryption does not appear to be affected by this attack; it applies to a particular variation of CFB used by OpenPGP. In particular, it exploits an ad-hoc integrity check feature in OpenPGP which was meant as a “quick check” to determine the correctness of the decrypting symmetric key.
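The attack the abstract summarises can be exercised end to end against a simulated decryptor. What follows is an added example written for this page, not code from the paper or from any OpenPGP implementation: it implements the RFC 2440 section 12.8 CFB variant with its “quick check”, an oracle that reveals only whether that check passed, and an adaptive chosen-ciphertext attack that recovers the first 16 bits of every plaintext block. A toy 64-bit Feistel cipher (constructed here) stands in for the real block cipher, since the attack does not depend on which cipher is used; the setup phase assumes the attacker knows the first two octets of the first plaintext block, which is this example's own assumption (OpenPGP plaintext normally begins with a predictable packet header). The key, prefix and message are constructed.

```python
import functools
import hashlib

BS = 8  # block size in octets; OpenPGP's classic ciphers (CAST5, IDEA, 3DES) have 64-bit blocks

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@functools.lru_cache(maxsize=None)
def E(key: bytes, block: bytes) -> bytes:
    """Toy 64-bit keyed permutation (4-round Feistel over SHA-256), constructed for
    this example only; the attack works against any block cipher in this mode."""
    L, R = block[:4], block[4:]
    for rnd in range(4):
        L, R = R, xor(L, hashlib.sha256(key + bytes([rnd]) + R).digest()[:4])
    return L + R

def openpgp_cfb_encrypt(key: bytes, plaintext: bytes, prefix: bytes) -> bytes:
    """RFC 2440 section 12.8 CFB variant; prefix is the BS random octets (the caller
    supplies them here so the example is deterministic)."""
    c1 = xor(E(key, bytes(BS)), prefix)        # C[1..BS]      = E(0) xor prefix
    c2 = xor(E(key, c1)[:2], prefix[-2:])      # C[BS+1..BS+2] = E(C1)[0..1] xor prefix[-2..]
    out = bytearray(c1 + c2)
    fr = bytes(out[2:BS + 2])                  # resync: FR = C[3..BS+2]
    for i in range(0, len(plaintext), BS):     # then ordinary CFB over the plaintext
        c = xor(E(key, fr), plaintext[i:i + BS])
        out += c
        fr = c
    return bytes(out)

def openpgp_cfb_decrypt(key: bytes, ct: bytes) -> bytes:
    """Decrypt after the 'quick check'; its distinguishable failure is the oracle."""
    c1, c2 = ct[:BS], ct[BS:BS + 2]
    prefix = xor(E(key, bytes(BS)), c1)
    if xor(E(key, c1)[:2], c2) != prefix[-2:]:
        raise ValueError("quick check failed (wrong session key?)")
    fr, out = ct[2:BS + 2], bytearray()
    for i in range(BS + 2, len(ct), BS):
        c = ct[i:i + BS]
        out += xor(E(key, fr), c)
        fr = c
    return bytes(out)

def make_oracle(key: bytes):
    """Victim that reveals only whether the quick check passed, plus a query counter."""
    calls = [0]
    def oracle(ct: bytes) -> bool:
        calls[0] += 1
        try:
            openpgp_cfb_decrypt(key, ct)
            return True
        except ValueError:
            return False
    return oracle, calls

def find_check_octets(oracle, c1: bytes, tail: bytes) -> bytes:
    """Scan the 2^16 check values until the oracle accepts first block c1. The accepted
    value is E(c1)[0..1] xor c1[-2..] xor E(0)[-2..]: ~2^15 queries expected, 2^16 worst."""
    for v in range(1 << 16):
        c2 = v.to_bytes(2, "big")
        if oracle(c1 + c2 + tail):
            return c2
    raise RuntimeError("oracle never accepted: not the assumed quick check")

def attack(oracle, ct: bytes, known_first_two: bytes) -> list:
    """Recover the first two octets of every full plaintext block. Our setup assumption:
    the attacker knows the first two octets of plaintext block 0."""
    tail = ct[BS + 2:]
    def fr(j):    # feedback register that was encrypted to produce plaintext block j
        return ct[2 + j * BS: 2 + (j + 1) * BS]
    def body(j):  # ciphertext of plaintext block j
        return tail[j * BS: (j + 1) * BS]
    # Setup (~2^15 queries): known plaintext gives E(FR_0)[0..1]; the oracle yields
    # E(FR_0)[0..1] xor FR_0[-2..] xor D, so D = E(0)[-2..] is their difference.
    e_fr0 = xor(body(0)[:2], known_first_two)
    D = xor(xor(find_check_octets(oracle, fr(0), tail), e_fr0), fr(0)[-2:])
    recovered = [known_first_two]
    for j in range(1, len(tail) // BS):          # ~2^15 queries per further block
        e_frj = xor(xor(find_check_octets(oracle, fr(j), tail), fr(j)[-2:]), D)
        recovered.append(xor(body(j)[:2], e_frj))
    return recovered

def demo():
    """Constructed key, prefix and 40-octet message; returns (recovered, truth, queries)."""
    key, prefix = b"constructed demo key", bytes(range(1, BS + 1))
    plaintext = b"HDR-0001the rest of the message is here!"
    ct = openpgp_cfb_encrypt(key, plaintext, prefix)
    assert openpgp_cfb_decrypt(key, ct) == plaintext
    oracle, calls = make_oracle(key)
    recovered = attack(oracle, ct, plaintext[:2])
    truth = [plaintext[i:i + 2] for i in range(0, len(plaintext), BS)]
    return recovered, truth, calls[0]

if __name__ == "__main__":
    rec, truth, n = demo()
    print([r.hex() for r in rec], rec == truth, n, "oracle queries")
```

The check passes for a chosen first block X exactly when the two check octets equal E_K(X)[0..1] xor X[BS-1..BS] xor E_K(0)[BS-1..BS]. The last term is fixed by the single setup search, after which every further search returns E_K(FR_j)[0..1] for the register that encrypted block j, and xoring that into the ciphertext block exposes the block's first two plaintext octets. Each search costs about 2^15 queries on average, so recovering 16 bits from n blocks costs roughly (n+1)·2^15 queries, as the abstract states; ordinary CFB has no such check and gives the attacker nothing to scan against.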
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mister, S., Zuccherato, R. (2006). An Attack on CFB Mode Encryption as Used by OpenPGP. In: Preneel, B., Tavares, S. (eds) Selected Areas in Cryptography. SAC 2005. Lecture Notes in Computer Science, vol 3897. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11693383_6
DOI: https://doi.org/10.1007/11693383_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33108-7
Online ISBN: 978-3-540-33109-4
eBook Packages: Computer Science (R0)