|
A chosen ciphertext attack is an attack on a cryptosystem in which the cryptanalyst chooses ciphertext and causes it to be decrypted with an unknown key.
For a self-synchronizing stream cipher, a chosen ciphertext attack can be useful as the key used to encipher each byte depends on the previous ciphertext. It is possible to use a chosen ciphertext attack to get an arbitrary message signed with RSA, if messages are signed without hashing.
An adaptive chosen ciphertext attack sends a large number of ciphertexts to be decrypted, using the results of these decryptions to select subsequent ciphertexts, and gradually reveal information about an encrypted message, or about the encryption key itself. These attacks can be mounted against various public-key schemes, including RSA. They can be prevented through the correct use of hashing and redundancy checks.
|
