文档介绍
SESSIONID:SESSIONID:CRYP-T08UniversalForgeryAttackagainstGCM-RUP121YanbinLi,Ga毛tanLeurent,MeiqinWang,111WeiWang,GuoyanZhang,YuLiuPresentedbyFerdinandSibleyras1ShandongUniversity,ChinaPh.D.Student2Inria,FranceInria,France#RSAC#RSAC#RSAC#RSACUniversalForgeryAttackagainstGCM-RUPYanbinLi,Ga毛tanLeurent,MeiqinWang,WeiWang,GuoyanZhang,YuLiu#RSACOutlineAboutGCM-RUPMotivationandContributionsBriefDescriptionofGCM-RUPPartialAuthenticationKeyRecoveryforGCM-RUPUniversalForgeryAttackofGCM-RUPVariantofGCM-RUP3#RSAC#RSACAboutGCM-RUP#RSACAboutGCM-RUPGCM(Galois/CounterMode)鈥AuthenticatedEncryptionschemefollowingtheEncrypt-then-MACparadigm,proposedbyDworkin鈥Notrobustagainstimplementationerrorsormisuse鈥LoseitssecurityifadevicereleasestheplaintextcorrespondingtoinvalidciphertextbeforeverifyingthetagGCM-RUP鈥Ins