On the (In)Security of ElGamal in OpenPGP

Cited by: 0
Authors
De Feo, Luca [1]
Poettering, Bertram [1]
Sorniotti, Alessandro [1]
Affiliations
[1] IBM Res Europe, Zurich, Switzerland
Keywords
EXPONENTIATION; ATTACKS;
DOI
10.1145/3592835
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Roughly four decades ago, Taher ElGamal put forward what is today one of the most widely known and best understood public key encryption schemes. ElGamal encryption has been used in many different contexts, chiefly among them by the OpenPGP email encryption standard. Despite its simplicity, or perhaps because of it, in reality there is a large degree of ambiguity on several key aspects of the cipher. Each library in the OpenPGP ecosystem seems to have implemented a slightly different "flavor" of ElGamal encryption. While, taken in isolation, each implementation may be secure, we reveal that in the interoperable world of OpenPGP, unforeseen cross-configuration attacks become possible. Concretely, we propose different such attacks and show their practical efficacy by recovering plaintexts and even secret keys.
Pages: 107-115
Number of pages: 9
Related papers
50 in total
  • [1] On the (In)Security of ElGamal in OpenPGP
    De Feo, Luca
    Poettering, Bertram
    Sorniotti, Alessandro
    CCS '21: PROCEEDINGS OF THE 2021 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2021 : 2066 - 2080
  • [2] A Security Audit of the OpenPGP Format
    Barenghi, Alessandro
    Mainardi, Nicholas
    Pelosi, Gerardo
    2017 14TH INTERNATIONAL SYMPOSIUM ON PERVASIVE SYSTEMS, ALGORITHMS AND NETWORKS & 2017 11TH INTERNATIONAL CONFERENCE ON FRONTIER OF COMPUTER SCIENCE AND TECHNOLOGY & 2017 THIRD INTERNATIONAL SYMPOSIUM OF CREATIVE COMPUTING (ISPAN-FCST-ISCC), 2017 : 336 - 343
  • [3] On the CCA1-Security of Elgamal and Damgard's Elgamal
    Lipmaa, Helger
    INFORMATION SECURITY AND CRYPTOLOGY, 2011, 6584 : 18 - 35
  • [4] Security of signed ElGamal encryption
    Schnorr, CP
    Jakobsson, M
    ADVANCES IN CRYPTOLOGY ASIACRYPT 2000, PROCEEDINGS, 2000, 1976 : 73 - 89
  • [5] Security Analysis of ElGamal Implementations
    El Laz, Mohamad
    Gregoire, Benjamin
    Rezk, Tamara
    PROCEEDINGS OF THE 17TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS (SECRYPT), VOL 1, 2020 : 310 - 321
  • [6] On the Security of a Variant of ElGamal Encryption Scheme
    Rao, Fang-Yu
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2019, 16 (04) : 725 - 728
  • [7] ENHANCING THE SECURITY OF ELGAMAL SIGNATURE SCHEME
    HE, J
    KIESLER, T
    IEE PROCEEDINGS-COMPUTERS AND DIGITAL TECHNIQUES, 1994, 141 (04) : 249 - 252
  • [8] A new security proof for Damgard's ElGamal
    Gjosteen, K
    TOPICS IN CRYPTOLOGY - CT-RSA 2006, PROCEEDINGS, 2006, 3860 : 150 - 158
  • [9] On the Hardness of Proving CCA-Security of Signed ElGamal
    Bernhard, David
    Fischlin, Marc
    Warinschi, Bogdan
    PUBLIC-KEY CRYPTOGRAPHY - PKC 2016, PT I, 2016, 9614 : 47 - 69
  • [10] ElGamal type digital multisignature schemes and its security
    Lu, Jianzhu
    Chen, Huoyan
    Lin, Fei
    Jisuanji Yanjiu yu Fazhan/Computer Research and Development, 2000, 37 (11) : 1335 - 1339