
	Where results make sense

Topic: Adaptive chosen plaintext attack

Related Topics

Adaptive chosen plaintext and chosen ciphertext attack

Chosen ciphertext attack

In the News (Sun 27 May 12)

EXECUTIVE POWER

Iran

ANALYSIS

Pakistan

Family compact

	Kids.Net.Au - Encyclopedia > Chosen plaintext attack
		A chosen plaintext attack is an attack[?] on a cryptosystem[?] in which the cryptanalyst chooses plaintext to be encrypted as a way further the attack.
		More commonly information is leaked which is expected to be encrypted and transmitted over an eavesdroppable channel (this is called a known plaintext attack[?]).
		The 'message' encrypted with using an asymmetric key algorithm (aka public key / private key algorithm[?]) is a session key which should have been randomly chosen, or the hash of plaintext message, not the plaintext itself.
	www.kids.net.au /encyclopedia-wiki/ch/Chosen_plaintext_attack (274 words)

	Chosen plaintext attack (Site not responding. Last check: 2007-11-03)
		A chosen plaintext attack is an attack on a cryptosystem in which the cryptanalyst chooses plaintext to be encrypted as a way further the attack.
		The 'message' encrypted with using an asymmetric key algorithm (aka public key / private key algorithm) is a session key which should have been randomly chosen, or the hash of plaintext message, not the plaintext itself.
		But note that the RSA asymmetric key algorithm is inherently susceptible to a chosen ciphertext attack.
	bopedia.com /en/wikipedia/c/ch/chosen_plaintext_attack.html (262 words)

	Chosen plaintext attack - Definition, explanation
		A chosen plaintext attack is any form of cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.
		In addition, any cipher that can prevent chosen-plaintext attacks is then also guaranteed to be secure against known-plaintext and ciphertext-only attacks; this is a conservative approach to security.
		Conventional symmetric ciphers, in which the same key is used to encrypt and decrypt a text, are often vulnerable to this type of attack, for example, differential cryptanalysis of block ciphers.
	www.calsky.com /lexikon/en/txt/c/ch/chosen_plaintext_attack.php (314 words)

	Attack Bobcat Golfer (Site not responding. Last check: 2007-11-03)
		Bit-flipping attack - A bit-flipping attack is an attack on a cryptographic cipher in which the attacker can change the ciphertext in such as a way as to result in a predictable change of the plaintext, although the attacker is not able to learn the plaintext itself.
		Chosen-ciphertext attack - A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key.
		Adaptive chosen plaintext and chosen ciphertext attack - In cryptography, an adaptive chosen plaintext attack and chosen ciphertext attack is one in which the attacker can choose both plaintexts to be encrypted and ciphertexts to be decrypted, and can do so interactively, basing one query on the results of the previous.
	www.golfmundi.com /attackbobcatgolfer.html (814 words)

	Plaintext - CompWisdom (Site not responding. Last check: 2007-11-03)
		Plaintext is also a term from cryptography, where it refers to the input into a crypto system, or the message to be encoded (also referred to as "clear text").
		The known plaintext bytes are the inputs of the update_keys function, and the derived key3's are the outputs.
		A known plaintext attack is somewhat easier to mount than a chosen plaintext attack, because a known plaintext attack does not require the cryptanalyst to be able to feed data into the encryption device, it only requires him to know what data is being fed into the device.
	www.compwisdom.com /topics/Plaintext (1995 words)

	Action cures fears!: Cryptology by Oliver Pell (4)
		A standard cryptanalytic attack is to determine the key which maps a known plaintext to a known ciphertext.
		If the plaintext segment is guessed it is unlikely that its exact position is known however a message is generally short enough for a cryptanalyst to try all possible positions in parallel.
		In a chosen plaintext attack the cryptanalyst has the capability to find the ciphertext corresponding to an arbitrary plaintext message of his or her own choosing.
	peterpanpaniscoming.spaces.msn.com /Blog/cns!805A9BDEA7D8FD64!350.entry (2344 words)

	[Full-Disclosure] Vulnerabilities in the Kerberos version 4 protocol
		Kerberos 4 is vulnerable to this attack due to the lack of random confounders, the lack of random initialization vectors, and the lack of cryptographically strong integrity checking in its use of block ciphers.
		For this particular attack, it is necessary to obtain the ciphertext block C[0] corresponding to the desired confounder, possibly by the same method that can be used for the C[0] attack on PCBC krb4, i.e.
		Attack on transitive closure of trust ===================================== Normally, cross-realm trust in krb4 is not transitive, because the code in the KDC implementation forbids realm-hopping by use of cross-realm tickets.
	lists.grok.org.uk /pipermail/full-disclosure/2003-March/004143.html (4477 words)

	RSA Labs FAQ - What are some of the basic types of cryptanalytic attack?
		A chosen-plaintext attack is one in which the cryptanalyst is able to choose a quantity of plaintext and then obtain the corresponding encrypted ciphertext.
		An adaptive-chosen-plaintext attack is a special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on the results of previous encryptions.
		A chosen-ciphertext attack is one in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext.
	academic.sun.ac.za /mil/mil_cis/Cis314-2/security/1998/2-4-2.html (355 words)

	Blog for linergy
		This attack is where the attacker has the plaintext along with the encoded version of a message.
		This attack is where the attacker is able to trick the encoder into encrypting a message of his choice.
		The 'ciphertext-only' attack is where the attacker has only the encoded message and tries to determine the plaintext and or the key only from that ciphertext.
	www.advogato.org /person/linergy/diary.html?start=1 (3844 words)

	David Hopwood - Cryptography - Recipient hiding
		Similar attacks are possible for discrete log-based cryptosystems that use a different modulus (or more generally, a different finite group or subgroup) for each user.
		We have chosen to use DHAES ("Diffie-Hellman Authenticated Encryption Scheme") as the basis for our discrete-log-based schemes, because DHAES is efficient, flexible in terms of the group to be used, and has security proofs that can be easily adapted for our purposes.
		Adaptive chosen plaintext attacks do not normally need to be considered explicitly for public key algorithms, because the attacker is assumed to have access to the public key.
	www.users.zetnet.co.uk /hopwood/crypto/rh/index.html (3987 words)

	Glossary Page 1
		A Cryptanalyst can mount an attack of this type in a scenario in which he or she has free use of a piece of decryption hardware, but is unable to extract the decryption key from it.
		adaptive-chosen-plaintext - A special case of the chosen-plaintext attack in which the cryptanalyst is able to choose plaintexts dynamically, and alter his or her choices base on the results of previous encryptions.
		See algebraic attack, birthday attack, brute force attack, chosen ciphertext attack, chosen plaintext attack, differential cryptanalysis, known plaintext attack, linear cryptanalysis, middleperson attack.
	www.lexias.com /html/glossary1.html (447 words)

	Block Ciphers
		It portrays the feasibility of a known-plaintext attack.
		It is a chosen plaintext attack which uses bit-wise differences between different texts to gain some information about the key.
		Another consideration is that Biham and Shamir's original attack consumed a huge amount of space, as it needed counters for each possible key (but only for 48 bits, as the rest are determined by brute force) in order to determine the most frequently suggested values.
	www.cs.usask.ca /~dtr467/400 (6127 words)

	Spartanburg SC \| GoUpstate.com \| Spartanburg Herald-Journal
		This security definition is currently the strongest definition known for a public key cryptosystem: it assumes that the attacker has access to a decryption oracle which will decrypt any ciphertext using the scheme's secret decryption key.
		The "adaptive" component of the security definition means that the attacker has access to this decryption oracle both before and after he observes a specific target ciphertext to attack (though he is prohibited from using the oracle to simply decrypt this target ciphertext).
		This began to change during the late 1990s, particularly when Daniel Bleichenbacher demonstrated a practical adaptive chosen ciphertext attack against SSL servers using a form of RSA encryption.
	www.goupstate.com /apps/pbcs.dll/section?category=NEWS&template=wiki&text=Cramer-Shoup_cryptosystem (671 words)

	Adaptive chosen ciphertext attack - Definition, explanation
		An adaptive chosen ciphertext attack is an interactive form of chosen ciphertext attack in which an attacker sends a number of ciphertexts to be decrypted, then uses the results of these decryptions to select subsequent ciphertexts.
		For public-key systems, adaptive chosen ciphertexts are generally applicable only when they have the property of ciphertext malleability — that is, a ciphertext can be modified in specific ways that will have a predictable effect on the decryption of that message.
		In order to prevent adaptive chosen ciphertext attacks, it is necessary to use an encryption or encoding scheme that limits ciphertext malleability.
	www.calsky.com /lexikon/en/txt/a/ad/adaptive_chosen_ciphertext_attack.php (318 words)

	EFF: (Site not responding. Last check: 2007-11-03)
		To summarize, the basic types of cryptanalytic attacks in order of difficulty for the attacker, hardest first, are: cyphertext only: the attacker has only the encoded message from which to determine the plaintext, with no knowledge whatsoever of the latter.
		A chosen-plaintext attack is the first of an increasingly impractical series of _active_ attacks on a cryptosystem: attacks where the cryptanalyst feeds data to the encryptor.
		More absurd examples of this sort of attack are the ``chosen-key attack'' and ``chosen-system attack.'' A much more important form of active attack is a message corruption attack, where the attacker tries to change the ciphertext in such a way as to make a useful change in the plaintext.
	www.eff.org /Privacy/Crypto/?f=crypto.faq.txt (13950 words)

	[No title]
		The purpose of cryptanalysis is to recover the plaintext or the key given access to ciphertext.
		In this attack, the cryptanalyst has both the encrypted and plaintext of several messages.
		This is a chosen-plaintext attack in which the crypanalyst can choose subsequent plaintexts based on earlier rounds of the attack.
	members.aol.com /jdzik/brownbag1.txt (2505 words)

	SecuriTeam™ - Vulnerabilities in the Kerberos Version 4 Protocol
		Kerberos 4 is vulnerable to this attack due to the lack of random confounders, the lack of random initialization vectors, and the lack of cryptographically strong integrity checking in its use of block ciphers.
		Most of the "life" field and some of the "time_sec" field are also under the control of an attacker, and can be used as chosen plaintext with which to mount the ECB oracle attack, though this method may be somewhat more difficult, and suffers from the same drawbacks as the address space attack.
		For this particular attack, it is necessary to obtain the ciphertext block C[0] corresponding to the desired confounder, possibly by the same method that can be used for the C[0] attack on PCBC krb4, i.e.
	www.securiteam.com /unixfocus/5IP0E2K9FE.html (4625 words)

	Chosen-plaintext attack - Wikipedia, the free encyclopedia
		A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.
		Chosen-plaintext attacks become extremely important in the context of public key cryptography, where the encryption key is public and attackers can encrypt any plaintext they choose.
		Conventional symmetric ciphers, in which the same key is used to encrypt and decrypt a text, may also be vulnerable to other forms of chosen-plaintext attack, for example, differential cryptanalysis of block ciphers.
	en.wikipedia.org /wiki/Chosen_plaintext_attack (390 words)

	Fred Cohen & Associates (Site not responding. Last check: 2007-11-03)
		The core of those attacks appears to be the non-uniform distribution of intermediate variables, resulting in a reduced dependence on earlier plaintext blocks, a statistical attack on some bits of the key, and susceptability to an adaptive chosen plaintext attack.
		Although we believe that this step succeeds in fending off the present attacks, we are by no means certain of the future of this system, and suspect that the fundamental weakness created by this non-uniformity may be unavoidable in any such system.
		Even though the attacker knows C(B), it is impossible to add a block as in the first attack to produce a valid checksum since this requires knowledge of S. Furthermore, S is no more at risk from exposure than it was under Algorithm 1 because it is still covered by an RSA encryption.
	all.net /books/integ/nextsum.html (1335 words)

	chosen plaintext attack - OneLook Dictionary Search
		We found one dictionary with English definitions that includes the word chosen plaintext attack:
		Tip: Click on the first link on a line below to go directly to a page where "chosen plaintext attack" is defined.
		Phrases that include chosen plaintext attack: adaptive chosen plaintext attack
	www.onelook.com /?loc=rescb&w=chosen+plaintext+attack (86 words)

	Cryptanalysis of MultiSwap (Site not responding. Last check: 2007-11-03)
		However, the attack on DRM described by Beale Screamer would be much more practical, so we feel that these weaknesses in MultiSwap do not pose a significant threat to DRM at this time.
		Recall there are two stages to the attack: recover k5 and k11, and recover the rest of the key.
		The attack on k5 and k11 can be converted to a known-plaintext attack as follows.
	www.cs.berkeley.edu /~rtjohnso/multiswap (1884 words)

	COMS 4261: Homework Page (Site not responding. Last check: 2007-11-03)
		Suppose that a cryptanalyist knows the key-size and is going to use the known plaintext attack described in lecture.
		Show that a Chosen Plaintext Attack can be mounted agains DES that needs only search half of the key-space.
		The definition of chosen ciphertext attack pre-cludes you from decrypting what you just encrypted, but you are allowed to modify the received ciphertext.
	www1.cs.columbia.edu /~zeph/4261/homework (3456 words)

	sky encryption - Re: The sky is falling! XML's dirty secret! Go back!It's a tr
		Consider: " A standard cryptanalytic attack is to know some plaintext matching a given piece of ciphertext and try to determine the key which maps one to the other.
		This plaintext can be known because it is standard (a standard greeting, a known header or trailer,...) or because it is guessed.
		A strong encryption algorithm will be unbreakable not only under known plaintext (assuming the enemy knows all the plaintext for a given ciphertext) but also under "adaptive chosen plaintext" -- an attack making life much easier for the cryptanalyst.
	www.stylusstudio.com /xmldev/200206/post80000.html (470 words)

	SECRYPT 2006 - International Conference on Security and Cryptography
		Unlike this, anomaly detection models a system’s usual behavior and is able to detect new attacks, but it often suffers from a too high number of (false) alarms, which overload their human operators.
		The first method is based on the attack graph adjacency matrix and helps in the prediction of a single or multiple step attack and in the categorization of intrusion alarms’ relevance.
		The attack in this paper is an application of the blockwise-adaptive chosen-plaintext attack paradigm, and is the only feasible attack to use this paradigm with a reasonable probability of success.
	www.secrypt.org /Abstracts/2006/abstracts.html (9163 words)

Try your search on: Qwika (all wikis)