Episode 10: Exploiting Authenticated Encryption Key Commitment!
From Cryptography FM
Length: 47 minutes
Released: Dec 1, 2020
Format: Podcast episode
Description
Authenticated encryption such as AES-GCM or ChaCha20-Poly1305 is used in a wide variety of applications, including potentially in settings for which it was not originally designed. A question given relatively little attention is whether an authenticated encryption scheme guarantees “key commitment”: the notion that ciphertext should decrypt to a valid plaintext only under the key that was used to generate the ciphertext.
In reality, however, protocols and applications do rely on key commitment. A new paper by engineers at Google, the University of Haifa and Amazon demonstrates three recent applications where missing key commitment is exploitable in practice. They construct AES-GCM ciphertext which can be decrypted to two plaintexts valid under a wide variety of file formats, such as PDF, Windows executables, and DICOM; and the results may shock you.
Links and papers discussed in the show:
* How to Abuse and Fix Authenticated Encryption Without Key Commitment (https://eprint.iacr.org/2020/1456)
* Mitra, Ange's software tool for generating binary polyglots (https://github.com/corkami/mitra)
* Shattered and other research into hash collisions (https://github.com/corkami/collisions)
Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guests: Ange Albertini and Stefan Kölbl.