Paper 2005/033

An Attack on CFB Mode Encryption As Used By OpenPGP

Serge Mister and Robert Zuccherato

Abstract

This paper describes an adaptive-chosen-ciphertext attack on the Cipher Feedback (CFB) mode of encryption as used in OpenPGP. In most circumstances it will allow an attacker to determine 16 bits of any block of plaintext with about $2^{15}$ oracle queries for the initial setup work and $2^{15}$ oracle queries for each block. Standard CFB mode encryption does not appear to be affected by this attack. It applies to a particular variation of CFB used by OpenPGP. In particular it exploits an ad-hoc integrity check feature in OpenPGP which was meant as a "quick check" to determine the correctness of the decrypting symmetric key.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
applicationscryptanalysis
Contact author(s)
robert zuccherato @ entrust com
History
2005-02-10: received
Short URL
https://ia.cr/2005/033
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/033,
      author = {Serge Mister and Robert Zuccherato},
      title = {An Attack on CFB Mode Encryption As Used By OpenPGP},
      howpublished = {Cryptology ePrint Archive, Paper 2005/033},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/033}},
      url = {https://eprint.iacr.org/2005/033}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.