What is a chosen-ciphertext attack?

Q: What is a chosen-ciphertext attack?


A: A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst gathers information, at least in part, by choosing a ciphertext and obtaining its decryption under an unknown key.

Q: Why must implementers be careful to avoid situations in which attackers might be able to decrypt chosen ciphertexts?


A: When a cryptosystem is susceptible to chosen-ciphertext attack, implementers must be careful to avoid situations in which attackers might be able to decrypt chosen ciphertexts (i.e., avoid providing a decryption scheme), as even partially chosen ciphertexts can permit subtle attacks.

Q: Which cryptosystems are vulnerable to attacks when hashing is not used on the message to be signed?


A: Some cryptosystems (such as RSA) use the same mechanism to sign messages and to decrypt them. This permits attacks when hashing is not used on the message to be signed.

Q: What is the better approach to avoid attacks under a chosen-ciphertext attack model?


A: A better approach is to use a cryptosystem which is provably secure under chosen-ciphertext attack, including (among others) RSA-OAEP, Cramer-Shoup and many forms of authenticated symmetric encryption.

Q: What does RSA-OAEP stand for?


A: RSA-OAEP stands for RSA Optimal Asymmetric Encryption Padding.

Q: What is one of the consequences of a cryptosystem being vulnerable to a chosen-ciphertext attack?


A: One of the consequences of a cryptosystem being vulnerable to a chosen-ciphertext attack is that implementers must be careful to avoid situations in which attackers might be able to decrypt chosen ciphertexts (i.e., avoid providing a decryption scheme).

Q: What type of attacks can partially chosen ciphertexts permit?


A: Partially chosen ciphertexts can permit subtle attacks.

AlegsaOnline.com - 2020 / 2023 - License CC3