Manger’s Attack Revisited

Strenzke, Falko

doi:10.1007/978-3-642-17650-0_4

Cited by 2 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• to remedy the fact that RSA is not a random permutation over the entire encoded message space, the standard ensures that it is always called on plaintexts whose first byte is zero; this has an incidence on the security and the proof. • finally, the standard permits the encryption of variable (but bounded) length messages, using some additional padding to fixed length; this does not affect theoretical security, but has led to well-known padding oracle attacks [27,33] when implemented carelessly.…”

Section: Secure C-like Code In Easycryptmentioning

confidence: 99%

Certified computer-aided cryptography

Almeida

Barbosa

Barthe

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

We present a computer-aided framework for proving concrete security bounds for cryptographic machine code implementations. The front-end of the framework is an interactive verification tool that extends the EasyCrypt framework to reason about relational properties of C-like programs extended with idealised probabilistic operations in the style of code-based security proofs. The framework also incorporates an extension of the CompCert certified compiler to support trusted libraries providing complex arithmetic calculations or instantiating idealized components such as sampling operations. This certified compiler allows us to carry to executable code the security guarantees established at the high-level, and is also instrumented to detect when compilation may interfere with side-channel countermeasures deployed in source code.We demonstrate the applicability of the framework by applying it to the RSA-OAEP encryption scheme, as standardized in PKCS#1 v2.1. The outcome is a rigorous analysis of the advantage of an adversary to break the security of assembly implementations of the algorithms specified by the standard. The example also provides two contributions of independent interest: it bridges the gap between computerassisted security proofs and real-world cryptographic implementations as described by standards such as PKCS,and demonstrates the use of the CompCert certified compiler in the context of cryptographic software development.

show abstract

Section: Secure C-like Code In Easycryptmentioning

confidence: 99%

Certified computer-aided cryptography

Almeida

Barbosa

Barthe

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

show abstract

“…In [25], it is discussed that other sources for timing differences based on the existence of such a supernumerary octet can be found in the integer to octet string conversion that precedes the OAEP decoding operation. This is due to the fact that these conversion routines generally iterate over the octets of the encoded integer.…”

Section: Manger's Attack Against Rsa-oaepmentioning

confidence: 99%

“…Here, according to [25], the encoding routines running time depends on the number of octets needed to represent the RSA message. In the case of McEliece, such a vulnerability is rather inconceivable in a reasonable implementation.…”

Section: Timing Attacksmentioning

confidence: 99%

Message-aimed side channel and fault attacks against public key cryptosystems with homomorphic properties

Strenzke¹

2011

J Cryptogr Eng

Self Cite

View full text Add to dashboard Cite

In this work, we introduce a new timing vulnerability in the decryption operation of the McEliece cryptosystem. Furthermore, we review previously known side channel and fault attacks against the RSA and McEliece cryptosystems and analyze them with respect to their differences and similarities concerning the respective points of attack. We show that it is basically the homomorphic properties of these schemes that allow the special type of message-aimed attacks based on observing the decryption of manipulated versions of the respective ciphertext and derive an according methodology for the analysis of such schemes with respect to these attacks. Consequently, we present new side channel attacks against other public key cryptosystems with homomorphic properties and point out certain aspects that are special to the countermeasures against this type of attack.

show abstract

Manger’s Attack Revisited

Cited by 2 publications

References 7 publications

Certified computer-aided cryptography

Certified computer-aided cryptography

Message-aimed side channel and fault attacks against public key cryptosystems with homomorphic properties

Contact Info

Product

Resources

About