
Showing papers on "Optimal asymmetric encryption padding" published in 2012


Journal Article
TL;DR: The encryption scheme can be broken with only one known plain-image, and the known-plaintext attack performs even better, in both success probability and computation load, when two known plain-images are available.
Abstract: Recently, a novel image encryption scheme based on improved hyperchaotic sequences was proposed. A pseudo-random number sequence, generated by a hyper-chaos system, is used to determine the two encryption functions involved, bitwise exclusive or (XOR) and modulo addition. It was reported that the scheme can be broken with some pairs of chosen plain-images and the corresponding cipher-images. This paper re-evaluates the security of the encryption scheme and finds that it can be broken with only one known plain-image. The performance of the known-plaintext attack, in terms of success probability and computation load, becomes even better when two known plain-images are available. In addition, further security defects are reported: the encryption result is insensitive to changes of the secret key and of the plain-image.

136 citations


Book Chapter
19 Aug 2012
TL;DR: The authors exploit the encrypted key import functions of a variety of cryptographic devices by means of padding oracle attacks, in which error messages resulting from incorrectly padded plaintexts are used as a side channel, to reveal the imported key.
Abstract: We show how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. In the asymmetric encryption case, we modify and improve Bleichenbacher's attack on RSA PKCS#1 v1.5 padding, giving new cryptanalysis that allows us to carry out the 'million message attack' in a mean of 49 000 and a median of 14 500 oracle calls when cracking an unknown valid ciphertext under a 1024-bit key; the original algorithm takes a mean of 215 000 and a median of 163 000 oracle calls in the same case. We show how implementation details of certain devices admit an attack that requires only 9 400 operations on average (3 800 median). For the symmetric case, we adapt Vaudenay's CBC attack, which is already highly efficient. We demonstrate the vulnerabilities on a number of commercially available cryptographic devices, including security tokens, smartcards and the Estonian electronic ID card. The attacks are efficient enough to be practical: we give timing details for all the devices found to be vulnerable, showing how our optimisations make a qualitative difference to the practicality of the attack. We give mathematical analysis of the effectiveness of the attacks, extensive empirical results, and a discussion of countermeasures.

82 citations


Posted Content
TL;DR: The paper proposes a chaotic image encryption scheme based on pseudorandom bit padding, with the bits generated by a novel logistic pseudorandom image algorithm, aiming to address weaknesses of earlier schemes such as a small key space and a low security level.
Abstract: Cryptography is always very important for data origin authentication, entity authentication, data integrity and confidentiality. In recent years, a variety of chaotic cryptographic schemes have been proposed. These schemes have a typical structure that performs a permutation stage and a diffusion stage alternately. Random number generators are indispensable in such schemes and are used in the diffusion functions of image encryption to diffuse the pixels of the plain image. In this paper, we propose a chaotic encryption scheme based on pseudorandom bit padding, in which the bits are generated by a novel logistic pseudorandom image algorithm. To evaluate the security of the cipher image of this scheme, key space analysis, the correlation of two adjacent pixels and a differential attack were examined. The scheme aims to address weaknesses of earlier encryption schemes such as a small key space and a low security level.

17 citations


Book Chapter
01 Jan 2012
TL;DR: The chosen-ciphertext setting is considered, examining the question of how CBC mode encryption, padding, and an integrity protection mechanism should be combined in order to provably defeat padding oracle attacks.
Abstract: Vaudenay's padding oracle attacks are a powerful type of side-channel attack against systems using CBC mode encryption. They have been shown to work in practice against certain implementations of important secure network protocols, including IPsec and SSL/TLS. A formal security analysis of CBC mode in the context of padding oracle attacks in the chosen-plaintext setting was previously performed by the authors. In this paper, we consider the chosen-ciphertext setting, examining the question of how CBC mode encryption, padding, and an integrity protection mechanism should be combined in order to provably defeat padding oracle attacks. We introduce new security models for the chosen-ciphertext setting which we then use to formally analyse certain authenticated-encryption schemes, namely the three compositions: Pad-then-Encrypt-then-Authenticate (as used in particular configurations of IPsec), Pad-then-Authenticate-then-Encrypt, and Authenticate-then-Pad-then-Encrypt (as used in SSL/TLS).
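The attack this abstract analyses, and the symmetric case of the key-import paper above, as an added example that is not code from either paper: a CBC padding oracle attack in the style of Vaudenay, followed by the Pad-then-Encrypt-then-Authenticate composition that removes the oracle. The block cipher is an assumption made so the example runs with only the standard library: a toy 4-round Feistel network keyed through SHA-256. The attack never touches the key and works unchanged against AES-CBC; the keys, IV and plaintext are constructed sample input.

```python
import hashlib
import hmac

BLOCK = 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function of the toy block cipher (assumption): keyed SHA-256, 8 bytes out.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # the distinguishable failure that becomes the oracle
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    # Pad-then-Encrypt; returns iv || ciphertext blocks.
    padded, out, prev = pkcs7_pad(plaintext), [iv], iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, data):
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return pkcs7_unpad(b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:])))


def padding_oracle(key, data):
    # Leaky receiver: reveals only whether the decryption had valid padding.
    try:
        cbc_decrypt(key, data)
        return True
    except ValueError:
        return False


def attack(oracle, data):
    # Vaudenay's attack: learn block_decrypt(cur) byte by byte by forging the preceding block.
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    recovered = b""
    for prev, cur in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)
        for pos in range(BLOCK - 1, -1, -1):
            pad_val = BLOCK - pos
            for guess in range(256):
                forged = bytearray(BLOCK)
                for j in range(pos + 1, BLOCK):
                    forged[j] = inter[j] ^ pad_val  # known bytes are forced to decrypt to pad_val
                forged[pos] = guess
                if not oracle(bytes(forged) + cur):
                    continue
                if pos == BLOCK - 1:
                    # Last byte: "02 02" etc. may validate by chance; a true 01 survives a change before it.
                    forged[pos - 1] ^= 0xFF
                    if not oracle(bytes(forged) + cur):
                        continue
                inter[pos] = guess ^ pad_val
                break
            else:
                raise RuntimeError("oracle accepted nothing: no usable padding side channel")
        recovered += _xor(inter, prev)
    return pkcs7_unpad(recovered)


def etm_oracle(enc_key, mac_key, data):
    # Pad-then-Encrypt-then-Authenticate receiver: the tag over iv || blocks is checked
    # first, so every forged block fails the same way before padding is ever inspected.
    body, tag = data[:-32], data[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return False
    return padding_oracle(enc_key, body)


# Constructed sample input (assumption): fixed keys and IV so the run is repeatable.
KEY, MAC_KEY, IV = b"k" * 16, b"m" * 16, bytes(range(16))
PLAINTEXT = b"attack at dawn; padding oracle demo"
CT = cbc_encrypt(KEY, IV, PLAINTEXT)
TAG = hmac.new(MAC_KEY, CT, hashlib.sha256).digest()


def demo():
    plain = attack(lambda d: padding_oracle(KEY, d), CT)
    try:
        attack(lambda d: etm_oracle(KEY, MAC_KEY, d + TAG), CT)
        return plain, False
    except RuntimeError:
        return plain, True
```

demo() returns the full plaintext recovered through the leaky receiver together with True for the authenticated receiver, where the attacker's tampered blocks never reach the unpadding step and the attack aborts on its first byte. The cost is roughly 128 oracle queries per plaintext byte, which is why the key-import paper above calls the CBC case "already highly efficient".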

15 citations


Proceedings Article
19 Sep 2012
TL;DR: The proposed scheme is more computationally efficient than the original Cramer-Shoup leakage-resilient public key encryption scheme, and enjoys a shorter (public/secret) key length and a higher relative leakage ratio.
Abstract: We present a new variant of the Cramer-Shoup leakage-resilient public key encryption. The proposed scheme is more computationally efficient than the original Cramer-Shoup leakage-resilient public key encryption scheme. It enjoys a shorter (public/secret) key length and a higher relative leakage ratio. The new scheme is proved semantically secure against adaptive chosen-ciphertext attack in the standard model under the decisional Diffie-Hellman assumption.

8 citations


Proceedings Article
01 Dec 2012
TL;DR: The authors mount a frequency-analysis attack on existing searchable encryption schemes and evaluate their resistance to it, considering the difference between deterministic and probabilistic encryption and the supported types of searches.
Abstract: There are encryption schemes called searchable encryption schemes, whose security can be proved in a security model. However, some constructions are exposed to frequency analysis, because they encrypt each keyword of a file individually in addition to the file itself. In this attack, an adversary who knows the frequency distribution of the plaintext keywords measures the frequency of each ciphertext token and guesses its plaintext by matching the two distributions. In this work, we apply this attack to existing schemes and evaluate the resistance of searchable encryption to it, considering the difference between deterministic and probabilistic encryption and the supported types of searches.
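The attack described in this abstract, as an added example that is not part of the paper: keyword tokens under a deterministic construction (same keyword, same token, so equality search works server-side) and under a probabilistic one (a fresh nonce per occurrence), with the rank-matching frequency attack run against both. The HMAC-based token constructions, the corpus and the auxiliary distribution are assumptions made for the demonstration; the attacker here is handed the exact keyword counts, which is the strongest form of the "known frequency distribution" premise.

```python
import hashlib
import hmac
import os
from collections import Counter


def det_token(key, word):
    # Deterministic: equal keywords give equal tokens, so the server can match searches
    # by equality, but every token also carries the keyword's frequency.
    return hmac.new(key, word.encode(), hashlib.sha256).hexdigest()[:16]


def rand_token(key, word):
    # Probabilistic: a fresh nonce per occurrence makes every token unique.
    nonce = os.urandom(8)
    return nonce.hex() + hmac.new(key, nonce + word.encode(), hashlib.sha256).hexdigest()[:16]


def frequency_attack(tokens, aux_counts):
    # Rank observed tokens and known keyword frequencies; match rank to rank.
    ranked_tokens = [t for t, _ in Counter(tokens).most_common()]
    ranked_words = [w for w, _ in Counter(aux_counts).most_common()]
    return dict(zip(ranked_tokens, ranked_words))


def accuracy(tokens, truth, guess):
    # Fraction of keyword occurrences the adversary labels correctly.
    return sum(guess.get(t) == w for t, w in zip(tokens, truth)) / len(tokens)


# Constructed corpus (assumption): keyword occurrences across the stored files, and the
# auxiliary distribution the adversary is assumed to know (here the exact counts).
AUX = {"invoice": 10, "password": 7, "merger": 5, "layoff": 3, "audit": 1}
WORDS = [w for w, n in AUX.items() for _ in range(n)]
KEY = b"\x11" * 32


def run(tokenizer):
    tokens = [tokenizer(KEY, w) for w in WORDS]
    return accuracy(tokens, WORDS, frequency_attack(tokens, AUX))
```

run(det_token) labels every occurrence correctly because the five keywords have distinct frequencies and the token histogram is the keyword histogram in disguise; run(rand_token) sees 26 singleton tokens and the ranking carries no information, but the server can no longer answer an equality search from the tokens alone, which is the trade-off the paper evaluates against the supported search types.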

3 citations


Book Chapter
09 Dec 2012
TL;DR: It is shown that if the output size is less than or equal to one block, then any injective and reversible padding scheme is sufficient for the sponge construction, and that the non-zero-last-block condition on the underlying padding scheme of SpongeWrap is redundant.
Abstract: The sponge construction, designed by Bertoni, Daemen, Peeters, and Van Assche, is a hash domain extension which allows any hash-output size, and it has also been adopted as the hash mode for several concrete hash algorithms. For its security proof, they required its padding scheme to be injective, reversible, and such that the last block of a padded message is non-zero. However, we first show that if the output size is less than or equal to one block, then any injective and reversible padding scheme is sufficient. In particular, for messages whose size is a multiple of the block length, the identity function (which is injective and reversible) can serve as the padding scheme. Next, we look at the padding scheme of SpongeWrap, a sponge-based authenticated encryption scheme designed by the same authors. Since the padding scheme of SpongeWrap is inspired by that of the sponge construction, it calls its underlying padding scheme for every message block, and the underlying padding scheme is again required to be injective, reversible, and to produce a non-zero last block. In addition, the padding scheme of SpongeWrap includes frame bits for the privacy and authenticity of SpongeWrap, so it consists of its underlying padding scheme together with the frame bits. Secondly, we show that the non-zero condition on the underlying padding scheme is redundant; in other words, any injective and reversible padding scheme is sufficient for the underlying padding scheme.

2 citations


Posted Content
TL;DR: Algorithms to search for proofs of security against chosen-plaintext and chosen-ciphertext attacks in the random oracle model and a calculator that computes the security level and efficiency of provably secure schemes that use RSA as trapdoor permutation are provided.
Abstract: Verifiable security is an emerging approach in cryptography that advocates the use of principled tools for building machine-checked security proofs of cryptographic constructions. Existing tools following this approach, such as EasyCrypt or CryptoVerif, fall short of finding proofs automatically for many interesting constructions. In fact, devising automated methods for analyzing the security of large classes of cryptographic constructions is a long-standing problem which precludes a systematic exploration of the space of possible designs. This paper addresses this issue for padding-based encryption schemes, a class of public-key encryption schemes built from hash functions and trapdoor permutations, which includes widely used constructions such as RSA-OAEP. Firstly, we provide algorithms to search for proofs of security against chosen-plaintext and chosen-ciphertext attacks in the random oracle model. These algorithms are based on domain-specific logics with a computational interpretation and yield quantitative security guarantees; for proofs of chosen-plaintext security, we output machine-checked proofs in EasyCrypt. Secondly, we provide a crawler for exhaustively exploring the space of padding-based encryption schemes under user-specified restrictions (e.g. on the size of their description), using filters to prune the search space. Lastly, we provide a calculator that computes the security level and efficiency of provably secure schemes that use RSA as trapdoor permutation. Using these three tools, we explore over 1.3 million encryption schemes, including more than 100 variants of OAEP studied in the literature, and prove chosen-plaintext and chosen-ciphertext security for more than 250,000 and 17,000 schemes, respectively.
Author affiliations: IMDEA Software Institute, Spain; INRIA Sophia Antipolis – Méditerranée, France; Université de Grenoble, VERIMAG, France; Microsoft Research, UK.

2 citations


Journal Article
TL;DR: Block padding is the focus of this paper; a new padding method is given, and the last part of the paper presents an implementation of DES using the new padding method.
Abstract: DES is a block cipher, and before DES encryption the plaintext is divided into blocks of the same size. But sometimes the plaintext cannot be divided into blocks of exactly that size, so a padding step is needed to fill the remaining space of the last block. The discussion of block padding is the emphasis of this paper. A new padding method is given, and in the last part of the paper an implementation of DES using the new padding method is presented.

2 citations


Journal Article
TL;DR: Targeting the three steps of HYPER_HIE (key generation, pixel scrambling, and image diffusion and confusion), three kinds of plaintext matrices are chosen to mount a chosen-plaintext attack without knowing the encryption key.
Abstract: The hyper-chaotic image encryption algorithm HYPER_HIE encrypts using elementary transformations and exclusive-or, so it has difficulty resisting various attacks. Targeting the three steps of HYPER_HIE, namely key generation, pixel scrambling, and image diffusion and confusion, this paper chooses three kinds of plaintext matrices to mount a chosen-plaintext attack without knowing the encryption key. A worked instance shows that the attack can decrypt ciphertext at low computational cost.

2 citations


Proceedings Article
17 Nov 2012
TL;DR: This paper presents a simple and effective Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme in which access structures are single AND gates on positive and negative attributes and the size of the access structure is fixed.
Abstract: Since more sensitive data are stored and shared on third-party sites, we may need a system capable of one-to-many communication and of encrypting data without knowing the specific recipients. However, traditional public key cryptosystems and broadcast encryption systems cannot solve both problems at the same time. Attribute-Based Encryption (ABE) offers both of the desired abilities. In this paper, we present a simple and effective Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme, where access structures are single AND gates on positive and negative attributes and the size of the access structure is fixed. Our scheme can be proven chosen-plaintext attack (CPA) secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. In addition, we provide an implementation of our scheme and give performance measurements.

01 Jan 2012
TL;DR: This work describes PKCS#1 v1.5 padding for RSA and shows that the simple leakage of padding errors is enough to recover the whole plaintext, even when it is unpadded or padded under another scheme.
Abstract: We revisit attacks on the RSA cipher based on side channels that leak partial information about the plaintext. We show how to compute a plaintext when only its parity is leaked. We then describe PKCS#1 v1.5 padding for RSA and show that the simple leakage of padding errors is enough to recover the whole plaintext, even when it is unpadded or padded under another scheme. This vulnerability has been well known since 1998, but the flawed PKCS#1 v1.5 padding is still broadly in use. We discuss recent optimizations of this padding oracle attack that make it effective on commercially available cryptographic devices. We illustrate through many examples and fragments of code.
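The two one-bit oracle attacks this abstract describes (the parity leak and the PKCS#1 v1.5 padding-error leak), the latter being the Bleichenbacher attack that the key-import paper above optimises, as an added example that is code from neither paper. It assumes a deliberately small toy RSA key built from the Mersenne primes 2^89-1 and 2^107-1 so that both attacks finish in seconds (real keys are 2048 bits or more, and the query counts below are not comparable with the paper's figures), a fixed padding string so the run is repeatable, and the "loose" oracle that reports only whether the decryption starts with the bytes 00 02. Bleichenbacher's blinding step is skipped because the target ciphertext is itself conforming; the narrowing and search steps follow his 1998 algorithm.

```python
import math
from fractions import Fraction

P, Q = (1 << 89) - 1, (1 << 107) - 1  # Mersenne primes M89, M107 (toy key size: assumption)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
B = 1 << (8 * (K - 2))  # PKCS#1 v1.5: conforming plaintexts lie in [2B, 3B)


def pkcs1_v15_pad(message):
    # 00 02 || non-zero padding string || 00 || message; PS is fixed so the run is repeatable.
    return b"\x00\x02" + bytes(range(1, K - len(message) - 2)) + b"\x00" + message


def parity_oracle(c):
    return pow(c, D, N) & 1  # leaks the low bit of the decryption


def padding_oracle(c):
    return 2 * B <= pow(c, D, N) < 3 * B  # leaks only "decryption starts with 00 02"


def parity_attack(c, oracle):
    # Each query halves the interval holding m: lsb(2^i m mod n) says whether 2^i m wrapped past n.
    lo, hi, two_e, queries = Fraction(0), Fraction(N), pow(2, E, N), 0
    while hi - lo >= 1:
        c, queries = c * two_e % N, queries + 1  # ciphertext of 2^i * m
        mid = (lo + hi) / 2
        if oracle(c):
            lo = mid
        else:
            hi = mid
    return math.ceil(lo), queries


def ceil_div(a, b):
    return -(-a // b)


def bleichenbacher(c, oracle):
    # Bleichenbacher (1998) against a loose oracle; c is assumed conforming, so blinding is skipped.
    queries = 0

    def conforming(s):
        nonlocal queries
        queries += 1
        return oracle(c * pow(s, E, N) % N)

    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)  # step 2a: smallest s >= n/(3B) with c * s^e conforming
    while not conforming(s):
        s += 1
    while True:
        new_m = set()  # step 3: narrow every interval [a, b] using the conforming s
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                lo = max(a, ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new_m.add((lo, hi))
        M = sorted(new_m)
        assert M, "oracle answers were inconsistent"
        if len(M) == 1 and M[0][0] == M[0][1]:  # step 4: a single candidate is left
            return M[0][0], queries
        if len(M) > 1:  # step 2b: several intervals, keep scanning s upwards
            s += 1
            while not conforming(s):
                s += 1
            continue
        a, b = M[0]  # step 2c: one interval, jump s via r so each search range stays short
        r = ceil_div(2 * (b * s - 2 * B), N)
        while True:
            lo_s, hi_s = ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a
            hit = next((t for t in range(lo_s, hi_s + 1) if conforming(t)), None)
            if hit is not None:
                s = hit
                break
            r += 1


# Constructed sample: a PKCS#1 v1.5 padded message encrypted under the toy key.
EM = pkcs1_v15_pad(b"attack")
M_INT = int.from_bytes(EM, "big")
C = pow(M_INT, E, N)


def demo():
    m1, q1 = parity_attack(C, parity_oracle)
    m2, q2 = bleichenbacher(C, padding_oracle)
    return (m1 == M_INT, q1), (m2 == M_INT, q2)
```

demo() returns, for each attack, whether the recovered integer equals the padded plaintext and how many oracle calls it took. The parity attack spends exactly one query per bit of the modulus; the Bleichenbacher attack spends most of its queries in step 2a and 2c, which is where the key-import paper's optimisations act. Note that the padding oracle recovers the full padded block, so the message is readable regardless of how it was padded, which is the point the abstract makes about "unpadded or padded under another scheme" plaintexts.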