Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
How to Encrypt with a Malicious Random Number Generator

Seny Kamara and Jonathan Katz


Chosen-plaintext attacks on private-key encryption schemes are currently modeled by giving an adversary access to an oracle that encrypts a given message m using random coins that are generated uniformly at random and independently of anything else. This leaves open the possibility of attacks in case the random coins are poorly generated (e.g., using a faulty random number generator), or are under partial adversarial control (e.g., when encryption is done by lightweight devices that may be captured and tampered with).

We introduce new notions of security modeling such attacks, propose two concrete schemes meeting our definitions, and show generic transformations for achieving security in this context.


Publication typeInproceedings
Published inIACR workshop on Fast Software Encryption (FSE '08)
SeriesLecture Notes in Computer Science
PublisherSpringer Verlag
> Publications > How to Encrypt with a Malicious Random Number Generator