[Top] [All Lists]

[openpgp] De Feo, Poettering, Sorniotti: On the (in)security of ElGamal in OpenPGP

2021-07-12 07:08:36

there is a new preprint on cross-configuration attacks due to different
choices of Elgamal Key and Encryption parameters in OpenPGP and its

Luca De Feo and Bertram Poettering and Alessandro Sorniotti, On the
(in)security of ElGamal in OpenPGP (2021)


Roughly four decades ago, Taher ElGamal put forward what is today one of
the most widely known and best understood public key encryption schemes.
ElGamal encryption has been used in many different contexts, chiefly
among them by the OpenPGP standard. Despite its simplicity, or perhaps
because of it, in reality there is a large degree of ambiguity on
several key aspects of the cipher. Each library in the OpenPGP ecosystem
seems to have implemented a slightly different “flavour” of ElGamal
encryption. While –taken in isolation– each implementation may be
secure, we reveal that in the interoperable world of OpenPGP, unforeseen
cross-configuration attacks become possible. Concretely, we propose
different such attacks and show their practical efficacy by recovering
plaintexts and even secret keys.

The authors say in the introduction: "Our research is timely since a new
version of the OpenPGP standard is currently being discussed [18]; we
hope that our findings will influence that discussion."

Dipl.-Math. Marcus Brinkmann

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum

Telefon: +49 (0) 234 / 32-25030

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [openpgp] De Feo, Poettering, Sorniotti: On the (in)security of ElGamal in OpenPGP, Marcus Brinkmann <=