Back to Search Start Over

On the (In)Security of ElGamal in OpenPGP

Authors :
Bertram Poettering
Luca De Feo
Alessandro Sorniotti
Source :
CCS
Publication Year :
2023
Publisher :
Association for Computing Machinery (ACM), 2023.

Abstract

Roughly four decades ago, Taher ElGamal put forward what is today one of the most widely known and best understood public key encryption schemes. ElGamal encryption has been used in many different contexts, chiefly among them by the OpenPGP email encryption standard. Despite its simplicity, or perhaps because of it, in reality there is a large degree of ambiguity on several key aspects of the cipher. Each library in the OpenPGP ecosystem seems to have implemented a slightly different "flavor" of ElGamal encryption. While-taken in isolation-each implementation may be secure, we reveal that in the interoperable world of OpenPGP, unforeseen cross-configuration attacks become possible. Concretely, we propose different such attacks and show their practical efficacy by recovering plaintexts and even secret keys.

Subjects

Subjects :
Modular exponentiation
General Computer Science
business.industry
Computer science
media_common.quotation_subject
Interoperability
Ambiguity
Computer security
computer.software_genre
Public-key cryptography
Cipher
Side channel attack
Simplicity
business
computer
ElGamal encryption
media_common

Details

ISSN :
15577317 and 00010782
Volume :
66
Database :
OpenAIRE
Journal :
Communications of the ACM
Accession number :
edsair.doi.dedup.....b8d90bed8b38f01f911d6e905f765f31
Full Text :
https://doi.org/10.1145/3592835
Full Text Access
View/download PDF

Tools

Authors Abstract Subjects Details