Information About

Malleability (cryptography)
APPAREL
BABY
BEAUTY
BOOKS
CAR TOYS
CELL PHONES
DVD'S
ELECTRONICS
GOURMET FOOD
GROCERIES
HEALTH & PERSONAL
HOME & GARDEN
JEWELRY
MUSIC
MUSIC INSTRUMENTS
OFFICE PRODUCTS
SOFTWARE
SPORTING GOODS
TOOLS & HARDWARE
TOYS
VIDEO GAMES
SHOPPING HOME
MORE SHOPPING...



A malleable encryption algorithm allows transformations on the ciphertext to produce meaningful changes in the plaintext. That is, given a Plaintext P and the corresponding Ciphertext C = E(P), it is possible to generate C_1 = f(C) so that the decryption of C_1 is a function P_1 = f'(P) of the original plaintext P, with arbitrary but known functions f and f'.

Stream Cipher s are examples of malleable encryption algorithms. In a stream cipher, the ciphertext is produced by taking the Exclusive Or of the plaintext and a stream based on a secret key (C = P \oplus S(K)). Given an arbitrary P_1, it is possible to generate C_1 = C \oplus P \oplus P_1.

Malleability is an undesirable property in a general-purpose cryptosystem, since it allows an attacker to modify the contents of a message. For example, suppose that a bank uses a stream cipher to hide its financial information, and a user sends an encrypted message containing, say, "TRANSFER $0000100.00 TO ACCOUNT #199." If an attacker can modify the message on the wire, and can guess the format of the unencrypted message, the attacker can change the amount of the transaction, or the recipient of the funds.

Other malleable encryption algorithms include:

RSA . If the attacker obtains the ciphertext (C = P^e \mod{n} where m is the
plaintext and n is the public modulus) the attacker can produce the ciphertext C_1
corresponding to any P_1 = k P by multiplying the original ciphertext by k^e \mod{n}.
For this reason, RSA is commonly used together with padding methods such as
OAEP or PKCS1.

It is possible to build non-malleable encryption algorithms from malleable ones.