Chosen ciphertext attack is a scenario in which the attacker has the ability to choose ciphertexts and to view their corresponding decryptions—plaintexts. It is essentially the same scenario as a chosen plaintext attack but applied to a decryption function, instead of the encryption function. The attack is considered to be less practical in real life situations than chosen plaintext attacks.

However, there is no direct correspondence between complexities of chosen plaintext and chosen ciphertext attacks. A cipher may be vulnerable to one attack but not to the other attack or the other way around. Chosen ciphertext attack is a very important scenario in public key cryptography, where known plaintext and even chosen plaintext scenarios are always available to the attacker due to publicly known encryption key. For example, the simple RSA public-key encryption system is not secure against adaptive chosen ciphertext attack.

Since the OBAKE application also supports asymmetric encryption by RSA-Pairs and X509v3-Pairs, it was mandatory to build mechanisms to avoid this type of analysis, both for the asymmetric key and for symmetric ones (secret key), whenever the user license allows it.

One of the most effective way to lead with this scenario is provide "one-time" results for both type of encryptions, even using the same data and key.

The data below represent the encryption of a text file with "PRIVACY AS IT SHOULD BE", using the OBAKE-512 algorithm set to ASYMMETRIC KEY (X509v3 / RSA) and afterward, with a SYMMETRIC KEY (letter "a"). Fot both tests we disable COMPRESSION and COLUMNAR-TRANSPOSE to show algorithm results as raw as possible.

If wished, you can download the used files (which allows you to decrypt this information in your OBAKE application) making sure of our assertion.

SYMMETRIC ANALYSIS

Using the NPCR comparison among the three files symmetrically encrypted with a secret-key ("a"), we got the top rate of different bytes (100%). But, notice that it can sometimes vary since OBAKE-512 utilizes random schemes to avoid repetition in the same file/data but, precisely due to this, it can create some similarities between a single byte and position among files.

ASYMMETRIC ANALYSIS

We used three public certificates as recipients to enhance the analysis of asymmetric encryption. In our research, we also discarded 2810 bytes (from the top of each file) because they are related to HEADER and certificate data.

Using the NPCR comparison among the 609 remaining bytes of these three asymmetric-encrypted files, we got a rate greater than 99% of different bytes. It is an excellent rate, considered secure for this attack - although it can vary once OBAKE-512 utilizes random schemes to avoid repetition in the same file/data. But, precisely due to this, it can create similarities between a single byte and position among several files.

Bibliographic references

H.C.A. Tilborg et al., "Encyclopedia of Cryptography and Security", H. C. A. v. Tilborg Ed., SpringerScience+Business Media LLC, 2011.

D. Bleichenbacher, “Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS#1.” - Advances in Cryptology— CRYPTO’98, Computer Science vol 1462, Springer-Verlag, Berlin, 1998.

A. Biryukov, E. Kushilevitz, "From differential cryptanalysis to cyphertext-only attacks", Advances in Cryptology - CRYPTO '98, Computer Science vol 1462, Springer-Verlag, 1998.

D. R.Stinson, Cryptography - Theory and Practice, Ontario: Chapman & Hall/CRC, 2006.