Partitioning Oracle Attacks

Speaker: Julia Len , Cornell Tech

Date: Thursday, March 11, 2021

Time: 2:00 PM to 3:00 PM Note: all times are in the Eastern Time Zone

Public: Yes


Event Type: Seminar

Room Description:

Host: Srini Devadas, CSAIL

Contact: Kyle L Hogan,

Relevant URL:

Speaker URL: None

Speaker Photo:

Reminders to:,

Reminder Subject: TALK: Partitioning Oracle Attacks

In this paper we introduce partitioning oracles, a new class of decryption error oracles which, conceptually, take a ciphertext as input and output whether the decryption key belongs to some known subset of keys. We introduce the first partitioning oracles which arise when encryption schemes are not committing with respect to their keys. We detail novel adaptive chosen ciphertext attacks that exploit partitioning oracles to efficiently recover passwords and de-anonymize anonymous communications. The attacks utilize efficient key multi-collision algorithms — a cryptanalytic goal that we define — against widely used authenticated encryption with associated data (AEAD) schemes, including AES-GCM, XSalsa20/Poly1305, and ChaCha20/Poly1305. We build a practical partitioning oracle attack that quickly recovers passwords from Shadowsocks proxy servers. We also survey early implementations of the OPAQUE protocol for password-based key exchange, and show how many could be vulnerable to partitioning oracle attacks due to in-correctly using non-committing AEAD. Our results suggest that the community should standardize and make widely available committing AEAD to avoid such vulnerabilities.


Topic: CSAIL Security Seminar
Time: This is a recurring meeting Meet anytime

Join Zoom Meeting

Password: <3security

One tap mobile
+16465588656,,97527284254# US (New York)
+16699006833,,97527284254# US (San Jose)

Meeting ID: 975 2728 4254

US : +1 646 558 8656 or +1 669 900 6833

International Numbers:

Join by SIP

Join by Skype for Business

Research Areas:
Security & Cryptography

Impact Areas:

See other events that are part of the CSAIL Security Seminar Series 2021.

Created by Kyle L Hogan Email at Thursday, February 25, 2021 at 3:13 PM.