Seny Kamara and Jonathan Katz
February 2008
Chosen-plaintext attacks on private-key encryption schemes
are currently modeled by giving an adversary access to an oracle that
encrypts a given message m using random coins that are generated uniformly
at random and independently of anything else. This leaves open
the possibility of attacks in case the random coins are poorly generated
(e.g., using a faulty random number generator), or are under partial adversarial
control (e.g., when encryption is done by lightweight devices
that may be captured and tampered with).
We introduce new notions of security modeling such attacks, propose two
concrete schemes meeting our definitions, and show generic transformations
for achieving security in this context.
In IACR workshop on Fast Software Encryption (FSE '08)
Publisher Springer Verlag
All copyrights reserved by Springer 2007.
| Type | Inproceedings |
| Pages | 303-315 |
| Volume | 5086 |
| Series | Lecture Notes in Computer Science |