A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis where the cryptanalyst can gather information by obtaining the decryptions of chosen...

An adaptive chosen-ciphertext attack (abbreviated as CCA2) is an interactive form of chosen-ciphertext attack in which an attacker first sends a number...

A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts...

distinguish pairs of ciphertexts based on the message they encrypt. The property of indistinguishability under chosen plaintext attack is considered a basic...

Adaptive chosen-ciphertext attack Indifferent chosen-ciphertext attack Related-key attack: similar to a chosen-plaintext attack, except the attacker can obtain...

the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based...

cryptography, a padding oracle attack is an attack which uses the padding validation of a cryptographic message to decrypt the ciphertext. In cryptography, variable-length...

multiplicative property, a chosen-ciphertext attack is possible. E.g., an attacker who wants to know the decryption of a ciphertext c ≡ me (mod n) may ask...

plaintext attack Chosen plaintext attack Chosen ciphertext attack Adaptive chosen ciphertext attack Topics in cryptography "Active and Passive attacks in Information...

of web servers at the time. This attack was the first practical reason to consider adaptive chosen-ciphertext attacks. In 2006 at a rump session at CRYPTO...

required in the chosen-plaintext attack. Chosen-ciphertext attack (CCA) - in this attack the analyst can choose arbitrary ciphertext and have access to...

messages m1 and m2 such that hash(m1) = hash(m2). More generally: Chosen-prefix collision attack Given two different prefixes p1 and p2, find two suffixes s1...

to the Adaptive chosen ciphertext attack. Related-key attack: Like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under...

"plaintext awareness" (which they claimed implies security against chosen ciphertext attack) in the random oracle model when OAEP is used with any trapdoor...

security against chosen ciphertext attacks have also been proposed. The Cramer–Shoup cryptosystem is secure under chosen ciphertext attack assuming DDH holds...

plaintext. Naive attempts to work around this often either enable a chosen-ciphertext attack to recover the secret key or, by encoding redundancy in the plaintext...

applying a MAC to the ciphertext (the Encrypt-then-MAC approach) implies security against an adaptive chosen ciphertext attack, provided that both functions...

adaptive chosen-ciphertext attack may intelligently combine many different specific bit errors to break the cipher mode. In Padding oracle attack, CBC can...

adaptive chosen-ciphertext attack (IND-CCA2 security) has become the "golden standard" of security.: 566  The most obvious key-recovery attack is the exhaustive...

Security of a KEM is quantified by its indistinguishability against chosen-ciphertext attack, IND-CCA, which is loosely how much better an adversary can do...

equivalent to another definition of security called ciphertext indistinguishability under chosen-plaintext attack. This latter definition is more common than...

chosen plaintext attacks or even non-adaptive chosen ciphertext attacks (CCA1) while still being malleable. However, security against adaptive chosen...

Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack" (PDF). SIAM Journal on Computing. 33 (1): 167–226. CiteSeerX 10...

vulnerable to both chosen plaintext and chosen ciphertext attacks. These vulnerabilities arise from the cipher's reliance on previous ciphertext blocks for keystream...

plaintext-aware is actually secure against a chosen-ciphertext attack, since any adversary that chooses ciphertexts would already know the plaintexts associated...

notable for initiating research on public key systems secure against chosen ciphertext attack and creating non-malleable cryptography, visual cryptography (with...

corresponding ciphertext (perhaps many times); an example is gardening, used by the British during WWII. In a chosen-ciphertext attack, Eve may be able...

indistinguishability under chosen-ciphertext attack (IND-CCA) or authenticated encryption. The researchers stressed that the attack was of a theoretical nature...

speed of decryption, see CRT-RSA. Encryption of a message M produces the ciphertext C ≡ M e ( mod N ) {\displaystyle C\equiv M^{e}{\pmod {N}}} , which can...

the attacker has substantial information about the messages being encrypted. For example, even if an attacker knows that an intercepted ciphertext encrypts...