On the Power of Misbehaving Adversaries and Security Analysis of the Original EPOC


Nowadays, since modern cryptography deals with careful modeling and careful proofs, there may be two levels of cryptanalysis. One, the traditional breaking or weakness demonstration in schemes which are not provably secure. The second level of cryptanalysis, geared towards provably secure schemes, has to do with refining models and showing that a model was either insufficient or somewhat unclear and vague when used in proving systems secure. The best techniques to perform this second type of investigation are still traditional cryptanalysis followed by corrections. In this work, we put forth the second type of cryptanalysis. We demonstrate that in some of the recent works modeling chosen ciphertext security (non-malleability), the notion of validity of ciphertext was left vague. It led to systems where under the model as defined/ understood, it was shown provably secure. Yet, under another (natural) behavior of the adversary, the “provably secure system” is totally broken, since key recovery attack is made possible. We show that this behavior of an adversary is possible and further there are settings (the context of escrowed public key cryptosystems) where it is even highly relevant. We mount the attack against systems which are chosen-ciphertext secure and non-malleable (assuming the adversary probes with valid messages), yet they are “universally” insecure against this attack: namely, the trapdoor key gets known by the adversary (as in Rabin’s system under chosen ciphertext attacks). Specifically, the attack works against EPOC which has been considered for standardization by IEEE P1363 (the authors have already been informed of the attack and our fix to it and will consider this issue in future works). This re-emphasizes that when proving chosen-ciphertext security, allowing invalid ciphertext probes increases the adversary’s power and should be considered as part of the model and in proofs. 2 Marc Joye, Jean-Jacques Quisquater, and Moti Yung

DOI: 10.1007/3-540-45353-9_16

Extracted Key Phrases

2 Figures and Tables

Cite this paper

@inproceedings{Joye2001OnTP, title={On the Power of Misbehaving Adversaries and Security Analysis of the Original EPOC}, author={Marc Joye and Jean-Jacques Quisquater and Moti Yung}, booktitle={CT-RSA}, year={2001} }