Chosen Ciphertext Attacks
- This type of attack exploits properties of the RSA algorithm.
- The adversary could select a plaintext, encrypt it with the target’s public key, and then gets the plaintext back by having it decrypted with the private key.
- This provides no new information. Instead, the adversary exploits properties of RSA and selects blocks of data that, when processed using the target’s private key, gives the information needed for cryptanalysis.
- An example of one such attack is that the attacker exploits the following property of RSA.
E(PU,M1)× E(PU,M2) = E(PU, [M1 × M2])
- Compute X = (C×2e) mod n.
- Submit X as a chosen ciphertext and receive back Y = Xd mod n o But now note that
X =(C mod n) * (2emod n)
= (Me mod n) * (2emod n)
X = (2M)e mod n
- Therefore, Y = (2M) mod n.
- To overcome this simple attack, randomly pad the plaintext before encryption.
- This randomizes the ciphertext so that the Equation no longer holds.
Man-in-the-Middle Attack: Chosen Ciphertext Attacks
- Suppose A and B wish to exchange keys, and E is the attacker.
- The attack proceeds as follows.
- E generates two random private keys XE1 and XE2 then computing the corresponding public keys YE1 and YE2.
- A transmits YA to B.
- E intercepts YA and transmits ‘ YE1 to B.
- B receives YE1 and calculates K1= (YE1)XBmod q.
- B transmits YBto A.
- E intercepts YBand transmits YE2 to A.
- A receivesYE2 and calculates K2= (YE2)XA mod q.
- E also calculates K1= (YB)XE1mod q and K2= (YA)XE2 mod q
- At this point, B and A think that they share a secret key, but instead Band E share secret key and A and E share a secret key.
- All future communication between B and A is compromised in the following way.
- A sends an encrypted message M as E(K2, M).
- E intercepts the encrypted message and decrypts it to recover M.
- E sends E(K1, M) or E(K1, M’) to B, where M’ is any message.
- The key exchange protocol is vulnerable to such an attack because it does not authenticate the participants.
- This vulnerability can be overcome with the use of digital signatures and public-key certificates.