OFFICIAL COMMENT: Guess Again


Lorenz Panny

Dec 21, 2017, 5:00:36 PM
to pqc-co...@nist.gov, pqc-...@list.nist.gov
Dear all,

the following Python script quickly recovers the message from a given
"Guess Again" ciphertext without knowledge of the private key:

https://yx7.cc/files/guessedonce.py.txt

I have only tried the attack on the ciphertexts in the known-answer
tests file so far, but I think there is no reason to believe that it
does not work in general.
Notice that the attack is solely based on statistical properties of
the ciphertext and does not even require the public key.
The script expects the contents of the KAT archive in the same directory
(but can easily be modified to decrypt other ciphertexts).

-- Lorenz