Partitioning Oracle Attacks

Speaker: Julia Len, Cornell Tech

Date: Thursday, March 11, 2021

Time: 2:00 PM to 3:00 PM (all times are in the Eastern Time Zone)

Public: Yes

Event Type: Seminar

Host: Srini Devadas, CSAIL

Contact: Kyle L Hogan, klhogan@csail.mit.edu

Abstract:
In this paper we introduce partitioning oracles, a new class of decryption error oracles which, conceptually, take a ciphertext as input and output whether the decryption key belongs to some known subset of keys. We introduce the first partitioning oracles which arise when encryption schemes are not committing with respect to their keys. We detail novel adaptive chosen ciphertext attacks that exploit partitioning oracles to efficiently recover passwords and de-anonymize anonymous communications. The attacks utilize efficient key multi-collision algorithms — a cryptanalytic goal that we define — against widely used authenticated encryption with associated data (AEAD) schemes, including AES-GCM, XSalsa20/Poly1305, and ChaCha20/Poly1305. We build a practical partitioning oracle attack that quickly recovers passwords from Shadowsocks proxy servers. We also survey early implementations of the OPAQUE protocol for password-based key exchange, and show how many could be vulnerable to partitioning oracle attacks due to incorrectly using non-committing AEAD. Our results suggest that the community should standardize and make widely available committing AEAD to avoid such vulnerabilities.
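The mitigation the abstract recommends, committing AEAD, as an added example in Go that is not the paper's or the talk's code: a generic key-commitment wrapper around Go's standard-library AES-GCM, so that a ciphertext can only be opened under the one key it was produced with. The HMAC-SHA256 labels, the 32-byte commitment prefix and the names CommittingSeal/CommittingOpen are assumptions of this example, not a standardized scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// derive maps one input key to an AES-128-GCM instance and a 32-byte
// commitment string via HMAC-SHA256 under distinct labels (assumed construction);
// the commitment is unique per key but reveals nothing about the encryption key.
func derive(key []byte) (cipher.AEAD, []byte) {
	m := hmac.New(sha256.New, key)
	m.Write([]byte("enc"))
	block, _ := aes.NewCipher(m.Sum(nil)[:16]) // 16-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)             // AES block: cannot fail
	m = hmac.New(sha256.New, key)
	m.Write([]byte("com"))
	return gcm, m.Sum(nil)
}

// CommittingSeal returns com || AES-GCM(encKey, nonce, pt, ad).
func CommittingSeal(key, nonce, pt, ad []byte) []byte {
	gcm, com := derive(key)
	return gcm.Seal(com, nonce, pt, ad)
}

// CommittingOpen checks the commitment before the GCM tag, so a ciphertext
// crafted to pass the tag check under many keys is rejected for every key but
// the one it commits to; the error leaks only "not this key", which a plain
// wrong password guess reveals anyway.
func CommittingOpen(key, nonce, blob, ad []byte) ([]byte, error) {
	if len(blob) < sha256.Size {
		return nil, errors.New("ciphertext too short")
	}
	gcm, com := derive(key)
	if subtle.ConstantTimeCompare(blob[:sha256.Size], com) != 1 {
		return nil, errors.New("key commitment mismatch")
	}
	return gcm.Open(nil, nonce, blob[sha256.Size:], ad)
}
```

The nonce must be 12 bytes for Go's GCM, and with password-derived keys the usual password-hashing cost still has to sit in front of this wrapper; the commitment only removes the multi-key oracle, not offline guessing.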

Zoom:

Topic: CSAIL Security Seminar
Time: This is a recurring meeting. Meet anytime.

Join Zoom Meeting
https://mit.zoom.us/j/97527284254

Password: <3security

One tap mobile
+16465588656,,97527284254# US (New York)
+16699006833,,97527284254# US (San Jose)

Meeting ID: 975 2728 4254

US : +1 646 558 8656 or +1 669 900 6833

International Numbers: https://mit.zoom.us/u/auBvg4NEV

Join by SIP
97527284254@zoomcrc.com

Join by Skype for Business
https://mit.zoom.us/skype/97527284254

Research Areas:
Security & Cryptography

Impact Areas:
Cybersecurity

This event is part of the CSAIL Security Seminar Series 2021.

Created by Kyle L Hogan on Thursday, February 25, 2021 at 3:13 PM.