How to Encrypt with a Malicious Random Number Generator

Seny Kamara and Jonathan Katz


Chosen-plaintext attacks on private-key encryption schemes

are currently modeled by giving an adversary access to an oracle that

encrypts a given message m using random coins that are generated uniformly

at random and independently of anything else. This leaves open

the possibility of attacks in case the random coins are poorly generated

(e.g., using a faulty random number generator), or are under partial adversarial

control (e.g., when encryption is done by lightweight devices

that may be captured and tampered with).

We introduce new notions of security modeling such attacks, propose two

concrete schemes meeting our definitions, and show generic transformations

for achieving security in this context.


Publication typeInproceedings
Published inIACR workshop on Fast Software Encryption (FSE '08)
SeriesLecture Notes in Computer Science
PublisherSpringer Verlag
> Publications > How to Encrypt with a Malicious Random Number Generator