Using SMT Solvers to Automate Chosen-Ciphertext Attacks

Matthew Green
Computer Science Department
Johns Hopkins University

Friday, September 4, 2020
remotely via WebEx

A recording of the talk can be found here.


We investigate the problem of automating the development of adaptive chosen-ciphertext attacks on systems that contain vulnerable format oracles. Rather than simply automate the execution of known attacks, we consider a more challenging problem: to programmatically derive a novel attack strategy, given only a machine-readable description of the plaintext verification function and the malleability characteristics of the encryption scheme. We present a new set of algorithms that use SAT and SMT solvers to reason deeply over the design of the system, producing an automated attack strategy that can decrypt protected messages entirely.

About the Speaker:

Matthew Green is an Associate Professor at the Johns Hopkins Information Security Institute. His research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. He is one of the creators of the Zerocash protocol, which is used by the Zcash cryptocurrency, and a founder of the encryption startup Zeutro. He was formerly a partner in Independent Security Evaluators, a custom security evaluation and design consultancy, and currently consults independently. From 1999 to 2003, he served as a senior technical staff member at AT&T Laboratories/Research in Florham Park, NJ.


Dr. Green writes a popular blog on applied cryptography.


Alan T. Sherman:

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.