Adaptive-CCA on OpenPGP Revisited

  • Hsi-Chung Lin
  • Sung-Ming Yen
  • Guan-Ting Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)


E-mail has become one of the most important and popular Internet services. Instead of relying on traditional surface mail, we can employ an e-mail system that provides reliable and efficient message delivery. In the electronic era, however, privacy, data integrity, and authentication requirements become unavoidable. Secure e-mail system specifications and software implementations have been widely discussed in the past decade; among them, OpenPGP is a widespread and well-known specification, and PGP has become a famous implementation. Yet only limited security analyses of secure e-mail systems, on both theoretical and practical aspects, have been conducted previously. In this paper, new chosen ciphertext attacks against the latest version of OpenPGP are proposed with detailed analysis. Furthermore, a new vulnerability due to system version backward compatibility is pointed out.


Keywords: Chosen ciphertext attack (CCA), E-mail, Encryption mode, Message format, OpenPGP, PGP





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Hsi-Chung Lin (1)
  • Sung-Ming Yen (1)
  • Guan-Ting Chen (1)
  1. Laboratory of Cryptography and Information Security (LCIS), Department of Computer Science and Information Engineering, National Central University, Chung-Li, Taiwan R.O.C.
