[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: DSS as a encryption/decryption oracle.
I scanned the list archives and maybe I missed it, but has there been any discussion about DSS effectively being an oracle for both chosen plaintext and chosen ciphertext attacks? Consider: Since the document hash is encrypted with the service's private key, this hash can be a chosen plaintext. Since the resulting ciphertext is returned to the attacker, DSS acts as an encryption oracle enabling both batch and adaptive chosen-plaintext attacks. Additionally, this mode of attack can double as a chosen-ciphertext attack, where the hash submitted is treated as a ciphertext for the purposes of cryptanalysis. In this mode, the response is treated as a plaintext, and DSS acts as a decryption oracle enabling both indifferent and adaptive chosen-plaintext attacks. Further, since the public and private keys operations are inverses of each other, it may be possible for an attacker to choose a plaintext, encrypt it with the DSS public key, alter the result to produce chosen ciphertexts, and submit them to DSS for decryption. This is a mode of cryptanalysis that is very unusual, and I'm unsure of the implications. -- Tim
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]