OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

dss-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: DSS as a encryption/decryption oracle.

I scanned the list archives and maybe I missed it, but has there been  
any discussion about DSS effectively being an oracle for both chosen  
plaintext and chosen ciphertext attacks?


Since the document hash is encrypted with the service's private key,  
this hash can be a chosen plaintext.  Since the resulting ciphertext  
is returned to the attacker, DSS acts as an encryption oracle  
enabling both batch and adaptive chosen-plaintext attacks.

Additionally, this mode of attack can double as a chosen-ciphertext  
attack, where the hash submitted is treated as a ciphertext for the  
purposes of cryptanalysis.  In this mode, the response is treated as  
a plaintext, and DSS acts as a decryption oracle enabling both  
indifferent and adaptive chosen-plaintext attacks.

Further, since the public and private keys operations are inverses of  
each other, it may be possible for an attacker to choose a plaintext,  
encrypt it with the DSS public key, alter the result to produce  
chosen ciphertexts, and submit them to DSS for decryption.  This is a  
mode of cryptanalysis that is very unusual, and I'm unsure of the  

-- Tim


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]