News & Events
UK-SPS Seminar - 26th January Title: On the (In)Security of ElGamal in OpenPGP
Happy new year! This was the 1st UK-SPS Seminar of the year.
Title: On the (In)Security of ElGamal in OpenPGP
Speaker: Luca De Feo (IBM Research)
Abstract: Do you think you know ElGamal encryption? Think twice.
We uncover vulnerabilities in the OpenPGP ecosystem stemming from confusion about the definition of ElGamal encryption (and the lack of an unequivocable standard). The first vulnerability leads to practical plaintext recovery in a limited number of cases. The second one, combined with side-channel leakage we found in some popular OpenPGP libraries, leads to feasible key recovery, in relatively rare cases.
We hope that these attacks, that we dub "cross-configuration", serve as a cautionary tale for standards designers. Cryptographic algorithms, even when they may appear very simple, hide a great deal of complexity in the choices of parameters and data representation. While an instantiation may appear to be safe in isolation, the interaction of two incompatible instantiations may lead to a security disaster, which can only be avoided by a carefully written standard.
Joint work with Bertram Poettering and Alessandro Sorniotti.
Bio: Luca De Feo received his PhD from École Polytechnique (France) in 2010, with a thesis on computer algebra and computational number theory. He then joined Université de Versailles (France) in 2011 as Assistant Professor, where he kept working on computer algebra and cryptography. He is currently employed at IBM Research, where he works on post-quantum cryptography and related topics.
Please feel free to forward to others who might be interested.
UK-SPS is an inter-university seminar series on cyber security and privacy. Seminar details are also advertised on our website, calendar and Twitter, and recordings will be available on our YouTube channel afterwards.
Confirmed speakers in the coming weeks include: Omar Haider Chowdhury (University of Iowa), Yuzhe Tang (Syracuse), Nick Nikiforakis (Stony Brook), Bo Li (Illinois, Urbana-Champaign), Elissa M. Redmiles (Max Planck Institute for Software Systems), and Ben Zhao (Chicago).
Last modified: Mon, 31 Jan 2022 10:41:20 GMT