CryptoDB
Partitioning Oracle Attacks
Authors: | Julia Len, Paul Grubbs, Thomas Ristenpart |
---|---|
Presentation: | Slides |
Abstract: | In this talk we introduce partitioning oracles, a new class of decryption error oracles which, conceptually, take a ciphertext as input, and output whether the decryption key belongs to some known subset of keys. These can arise when encryption schemes are not committing with respect to their keys, and lead to vulnerabilities when keys are lower entropy, such as human-chosen passwords. We detail adaptive chosen ciphertext attacks that exploit partitioning oracles to efficiently recover passwords. The attacks utilize efficient key multi-collision algorithms --- a cryptanalytic goal that we define --- against the widely used authenticated encryption with associated data (AEAD) schemes, including AES-GCM, XSalsa20/Poly1305, and ChaCha20/Poly1305. Finally, we discuss why these findings point to the need to develop and standardize efficient committing AEAD schemes for widespread deployment. |
Video: | https://youtu.be/TZMgRnSV3pk?t=2302 |
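To make the mechanism in the abstract concrete, here is an added worked example; it is not code from the talk or its authors. It builds one AES-GCM ciphertext whose tag verifies under two different keys (the two-key case of the key multi-collisions the abstract describes) and then plays the decryption oracle with Go's standard library, so that a single query answers "is the victim's key one of these two?". Everything below that the page does not state is an assumption of the example: AES-128-GCM with a 96-bit nonce and no associated data, keys derived from password guesses by a stand-in KDF (SHA-256 truncated to 16 bytes, where a real attack would run the target's own KDF), a fixed all-zero nonce, and the passwords hunter2, letmein and correcthorse as constructed sample input. The names Collide, Accepts, gcmSecrets and keyFromPassword are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// fe is an element of GF(2^128) in GCM's bit-reflected encoding: hi holds bytes
// 0..7 of a 16-byte block, lo holds bytes 8..15. feOne is the polynomial 1.
type fe struct{ hi, lo uint64 }
var feOne = fe{hi: 1 << 63}
func feFromBytes(b []byte) fe { return fe{binary.BigEndian.Uint64(b[:8]), binary.BigEndian.Uint64(b[8:16])} }
func (a fe) add(b fe) fe { return fe{a.hi ^ b.hi, a.lo ^ b.lo} }

// mul is the bit-serial multiplication of NIST SP 800-38D, Algorithm 1.
func (x fe) mul(y fe) fe {
	var z fe
	v, words := y, [2]uint64{x.hi, x.lo}
	for i := 0; i < 128; i++ {
		if (words[i/64]>>uint(63-i%64))&1 == 1 {
			z = z.add(v)
		}
		lsb := v.lo & 1 // shift V right; if a bit falls off, reduce by x^128+x^7+x^2+x+1
		v.lo, v.hi = v.lo>>1|v.hi<<63, v.hi>>1 ^ lsb*(0xe1<<56)
	}
	return z
}

// inv returns a^(2^128-2) = a^-1; bit 0 of that exponent is clear, all others set.
func (a fe) inv() fe {
	result, base := feOne, a.mul(a)
	for i := 1; i < 128; i++ {
		result, base = result.mul(base), base.mul(base)
	}
	return result
}

// gcmSecrets returns H = AES_K(0^128) and the tag mask AES_K(nonce || 0^31 || 1).
func gcmSecrets(key, nonce []byte) (h, mask fe) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a bad key size is a caller bug in this example
	}
	var hb, j0 [16]byte
	blk.Encrypt(hb[:], hb[:])
	copy(j0[:12], nonce) // 96-bit nonce assumed, so J0 = nonce || 0x00000001
	j0[15] = 1
	blk.Encrypt(j0[:], j0[:])
	return feFromBytes(hb[:]), feFromBytes(j0[:])
}

// keyFromPassword stands in for the target's password KDF (an assumption of this example).
func keyFromPassword(pw string) []byte {
	sum := sha256.Sum256([]byte(pw))
	return sum[:16]
}

// Collide returns ciphertext || tag (32 + 16 bytes, empty AAD) that AES-GCM accepts
// under both k1 and k2 with the same nonce. Under key i the tag is
// T = C1*H_i^3 + C2*H_i^2 + L*H_i + P_i with L = (0 AAD bits || 256 ciphertext bits)
// and P_i the tag mask, so fixing C1 leaves two GF(2^128)-linear equations in C2 and T.
func Collide(k1, k2, nonce []byte) []byte {
	h1, p1 := gcmSecrets(k1, nonce)
	h2, p2 := gcmSecrets(k2, nonce)
	c1 := feFromBytes([]byte("partition-oracle")) // any 16 bytes will do
	rhs := func(h, p fe) fe { return c1.mul(h).mul(h).mul(h).add(fe{lo: 256}.mul(h)).add(p) }
	a1, a2 := h1.mul(h1), h2.mul(h2)
	if a1 == a2 {
		panic("keys share a GHASH key; nothing to solve")
	}
	r1, r2 := rhs(h1, p1), rhs(h2, p2)
	c2 := r1.add(r2).mul(a1.add(a2).inv()) // C2 = (R1+R2) / (H1^2+H2^2)
	tag := r1.add(c2.mul(a1))              // T  = R1 + C2*H1^2
	out := make([]byte, 48)
	for i, e := range []fe{c1, c2, tag} {
		binary.BigEndian.PutUint64(out[16*i:], e.hi)
		binary.BigEndian.PutUint64(out[16*i+8:], e.lo)
	}
	return out
}

// Accepts plays the decryption oracle with Go's standard AES-GCM implementation.
func Accepts(key, nonce, ct []byte) bool {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return false
	}
	gcm, _ := cipher.NewGCM(blk) // cannot fail for an AES block
	_, err = gcm.Open(nil, nonce, ct, nil)
	return err == nil
}
func main() {
	nonce := make([]byte, 12) // attacker-chosen and fixed for the query
	ct := Collide(keyFromPassword("hunter2"), keyFromPassword("letmein"), nonce)
	for _, pw := range []string{"hunter2", "letmein", "correcthorse"} {
		fmt.Printf("%-13s accepted: %v\n", pw, Accepts(keyFromPassword(pw), nonce, ct))
	}
}
```

Run as is, it reports accepted: true for hunter2 and letmein and false for correcthorse, so one oracle query has tested two password guesses at once. The construction works because the GCM tag is a polynomial in the GHASH key H = AES_K(0) evaluated over the ciphertext blocks and masked with AES_K(J0); leaving one block free gives one linear equation per candidate key, and the same system with more blocks solves for more keys, which is the multi-collision the abstract describes and what lets a partition cover a large set of guesses per query. The example verifies the collision against crypto/cipher rather than its own GHASH, so a bug in the field arithmetic would show up as a rejected tag. A key-committing AEAD, which the abstract argues should be standardized, is precisely what makes such a ciphertext infeasible to construct.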
BibTeX
@misc{rwc-2021-35515,
  title={Partitioning Oracle Attacks},
  note={Video at \url{https://youtu.be/TZMgRnSV3pk?t=2302}},
  howpublished={Talk given at RWC 2021},
  author={Julia Len and Paul Grubbs and Thomas Ristenpart},
  year=2021
}