Principles of Cryptography: Study Notes
Source: Internet  Published by: classified-ads bulk-posting software  Editor: 程序博客网  Time: 2024/05/18 01:44
Varieties of chosen-ciphertext attacks
Lunchtime attacks
A specially noted variant of the chosen-ciphertext attack is the “lunchtime”, “midnight”, or “indifferent” attack, in which an attacker may make adaptive chosen-ciphertext queries but only up until a certain point, after which the attacker must demonstrate some improved ability to attack the system. The term “lunchtime attack” refers to the idea that a user’s computer, with the ability to decrypt, is available to an attacker while the user is out to lunch. This form of the attack was the first one commonly discussed: obviously, if the attacker has the ability to make adaptive chosen-ciphertext queries, no encrypted message would be safe, at least until that ability is taken away. This attack is sometimes called the “non-adaptive chosen-ciphertext attack”; here, “non-adaptive” refers to the fact that the attacker cannot adapt their queries in response to the challenge, which is given after the ability to make chosen-ciphertext queries has expired.
Adaptive chosen-ciphertext attack
A (full) adaptive chosen-ciphertext attack is an attack in which ciphertexts may be chosen adaptively before and after a challenge ciphertext is given to the attacker, with only the stipulation that the challenge ciphertext may not itself be queried. This is a stronger attack notion than the lunchtime attack, and is commonly referred to as a CCA2 attack, as compared to a CCA1 (lunchtime) attack. Few practical attacks are of this form. Rather, this model is important for its use in proofs of security against chosen-ciphertext attacks. A proof that attacks in this model are impossible implies that any realistic chosen-ciphertext attack cannot be performed.
A practical adaptive chosen-ciphertext attack is the Bleichenbacher attack against PKCS#1.
Numerous cryptosystems are proven secure against adaptive chosen-ciphertext attacks, some proving this security property based only on algebraic assumptions, some additionally requiring an idealized random oracle assumption. For example, the Cramer-Shoup system is secure based on number-theoretic assumptions and no idealization, and after a number of subtle investigations it was also established that the practical scheme RSA-OAEP is secure under the RSA assumption in the idealized random oracle model.
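The difference between the CCA1 (lunchtime) and CCA2 query rules described above can be made concrete with a small model of the game. The following is an added example, not part of the original notes; it assumes unpadded "textbook" RSA with tiny constructed parameters, and the names `GameOracle`, `related_query_recovery` and `run_game` are hypothetical. It shows why a malleable scheme fails the CCA2 game even though the challenge itself is never queried, which is the gap that padding such as RSA-OAEP is designed to close.

```python
# Added example: CCA1 vs CCA2 oracle access against unpadded ("textbook") RSA.
# Toy parameters constructed for illustration (p=61, q=53); far too small for real use.
N, E, D = 3233, 17, 2753


class OracleClosed(Exception):
    """Raised when a CCA1 (lunchtime) adversary queries after the challenge."""


class GameOracle:
    """Decryption oracle that enforces the query rules of the chosen game."""

    def __init__(self, mode):
        if mode not in ("CCA1", "CCA2"):
            raise ValueError("mode must be 'CCA1' or 'CCA2'")
        self.mode = mode
        self.challenge_ct = None

    def challenge(self, secret):
        """Issue the challenge ciphertext; this ends the CCA1 query phase."""
        self.challenge_ct = pow(secret, E, N)
        return self.challenge_ct

    def decrypt(self, ct):
        if self.challenge_ct is not None:
            if self.mode == "CCA1":
                raise OracleClosed("no queries after the challenge in CCA1")
            if ct == self.challenge_ct:
                raise ValueError("the challenge ciphertext may not be queried")
        return pow(ct, D, N)


def related_query_recovery(oracle, c_star, r=2):
    """Ask for a ciphertext related to, but different from, the challenge."""
    related = (c_star * pow(r, E, N)) % N   # encrypts (m * r) mod N
    m_times_r = oracle.decrypt(related)     # allowed only in the CCA2 game
    return (m_times_r * pow(r, -1, N)) % N  # strip r to get m


def run_game(mode, secret=1234):
    """Return the recovered plaintext, or None if the oracle refused."""
    oracle = GameOracle(mode)
    oracle.decrypt(pow(42, E, N))           # pre-challenge query, legal in both games
    c_star = oracle.challenge(secret)
    try:
        return related_query_recovery(oracle, c_star)
    except OracleClosed:
        return None
```

`run_game("CCA2")` returns the secret because the related ciphertext passes the "not the challenge" check, while `run_game("CCA1")` returns `None` because the oracle is closed once the challenge is issued.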