convergent encryption reconsidered
Leichter, Jerry
leichter_jerrold at emc.com
Fri Mar 21 16:08:18 EDT 2008
| ...Convergent encryption renders user files vulnerable to a
| confirmation-of-a-file attack. We already knew that. It also
| renders user files vulnerable to a learn-partial-information
| attack in subtle ways. We didn't think of this until now. My
| search of the literature suggests that nobody else did either.
The way "obvious in retrospect" applies here: The vulnerability is
closely related to the power of probable plaintext attacks against
systems that are thought to be vulnerable only to known plaintext
attacks. The general principle that needs to be applied is: In any
cryptographic setting, if knowing the plaintext is sufficient to get
some information out of the system, then it will also be possible to get
information out of the system by guessing plaintext - and one must
assume that there will be cases where such guessing is "easy enough".
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list