Source: https://www.usenix.org/conference/usenixsecurity21/presentation/len

Partitioning Oracle Attacks

Authors: Julia Len, Paul Grubbs, and Thomas Ristenpart, Cornell Tech

Abstract: In this paper we introduce partitioning oracles, a new class of decryption error oracles which, conceptually, take a ciphertext as input and output whether the decryption key belongs to some known subset of keys. Partitioning oracles can arise when encryption schemes are not committing with respect to their keys. We detail adaptive chosen ciphertext attacks that exploit partitioning oracles to efficiently recover passwords and de-anonymize anonymous communications. The attacks utilize efficient key multi-collision algorithms, a cryptanalytic goal that we define, against widely used authenticated encryption with associated data (AEAD) schemes, including AES-GCM, XSalsa20/Poly1305, and ChaCha20/Poly1305. We build a practical partitioning oracle attack that quickly recovers passwords from Shadowsocks proxy servers. We also survey early implementations of the OPAQUE protocol for password-based key exchange, and show how many could be vulnerable to partitioning oracle attacks due to incorrectly using non-committing AEAD. Our results suggest that the community should standardize and make widely available key-committing AEAD to avoid such vulnerabilities.

Open Access Media: USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone.

BibTeX:

    @inproceedings{263884,
      title     = {Partitioning Oracle Attacks},
      booktitle = {30th {USENIX} Security Symposium ({USENIX} Security 21)},
      year      = {2021},
      address   = {Vancouver, B.C.},
      url       = {https://www.usenix.org/conference/usenixsecurity21/presentation/len},
      publisher = {{USENIX} Association},
      month     = aug,
    }

Download: Len Paper (Prepublication) PDF
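The abstract's closing recommendation is key-committing AEAD: a scheme in which a ciphertext can only decrypt successfully under the one key it was produced with, so a decryption failure no longer tells an attacker which of several candidate keys (passwords) was the right one. The following Python is an added illustration of that mitigation and is not code from the paper or its authors. It wraps an underlying AEAD in a key-commitment layer: per message it derives an encryption key and a separate commitment value from the long-term key and nonce, ships the commitment with the ciphertext, and refuses to decrypt unless the commitment recomputed under the receiver's key matches. The underlying AEAD here is an HMAC-SHA256-based Encrypt-then-MAC stand-in so the script runs with only the standard library; in practice it would be AES-GCM or ChaCha20/Poly1305, whose Poly1305/GHASH tags do not bind the key, which is exactly why the outer commitment is needed. All names, the `"enc"`/`"com"` labels, and the test values are assumptions made for this example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12    # assumed nonce size for the stand-in AEAD
TAG_LEN = 16      # assumed authentication tag size
COMMIT_LEN = 32   # SHA-256 output; size of the key-commitment field


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for a block/stream cipher keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def aead_encrypt(key: bytes, nonce: bytes, ad: bytes, msg: bytes) -> bytes:
    """Placeholder AEAD (Encrypt-then-MAC). Stands in for AES-GCM / ChaCha20-Poly1305."""
    k_stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    ct = _xor(msg, _keystream(k_stream, nonce, len(msg)))
    tag = hmac.new(k_mac, nonce + ad + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def aead_decrypt(key: bytes, nonce: bytes, ad: bytes, blob: bytes):
    """Returns the plaintext, or None when the tag does not verify."""
    if len(blob) < TAG_LEN:
        return None
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    k_stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    expect = hmac.new(k_mac, nonce + ad + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    return _xor(ct, _keystream(k_stream, nonce, len(ct)))


def _derive(key: bytes, nonce: bytes):
    """Per-message subkeys: one for the inner AEAD, one that only serves as a
    commitment to (key, nonce). A second key yields a different commitment
    with overwhelming probability, so one ciphertext cannot be valid under both."""
    k_enc = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    k_com = hmac.new(key, b"com" + nonce, hashlib.sha256).digest()
    return k_enc, k_com


def committing_encrypt(key: bytes, ad: bytes, msg: bytes, nonce: bytes = None) -> bytes:
    """Output layout: nonce || commitment || inner AEAD ciphertext+tag."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    k_enc, k_com = _derive(key, nonce)
    return nonce + k_com + aead_encrypt(k_enc, nonce, ad, msg)


def committing_decrypt(key: bytes, ad: bytes, blob: bytes):
    """Single failure outcome (None) for a bad commitment, a bad tag, or a short
    input, so the caller never reports which check failed."""
    if len(blob) < NONCE_LEN + COMMIT_LEN + TAG_LEN:
        return None
    nonce = blob[:NONCE_LEN]
    received_com = blob[NONCE_LEN:NONCE_LEN + COMMIT_LEN]
    inner = blob[NONCE_LEN + COMMIT_LEN:]
    k_enc, k_com = _derive(key, nonce)
    # Commitment check first: a ciphertext built under another key is rejected
    # before the inner AEAD is even consulted.
    if not hmac.compare_digest(k_com, received_com):
        return None
    return aead_decrypt(k_enc, nonce, ad, inner)


# Constructed test values (not from the paper).
K1 = hashlib.sha256(b"password-one").digest()
K2 = hashlib.sha256(b"password-two").digest()
AD = b"constructed-header"
MSG = b"constructed plaintext for the commitment demo"


def demo() -> bool:
    """True when the right key decrypts and a wrong key, a tampered commitment,
    and tampered associated data all fail."""
    blob = committing_encrypt(K1, AD, MSG, nonce=b"\x00" * NONCE_LEN)
    ok = committing_decrypt(K1, AD, blob) == MSG
    wrong_key = committing_decrypt(K2, AD, blob) is None
    forged_com = bytearray(blob)
    forged_com[NONCE_LEN] ^= 0x01
    tampered_com = committing_decrypt(K1, AD, bytes(forged_com)) is None
    tampered_ad = committing_decrypt(K1, b"other-header", blob) is None
    return ok and wrong_key and tampered_com and tampered_ad


if __name__ == "__main__":
    print("all checks passed" if demo() else "FAILED")
```

The commitment adds 32 bytes per message and one extra HMAC on each side. Its value is that the decryptor's accept/reject answer now depends on at most one key per ciphertext, which removes the multi-key partition the abstract describes; for the same reason the decryptor should surface a single failure result rather than distinguishing "commitment mismatch" from "tag mismatch".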