Score:1

Is asymmetric decryption guessable?

br flag

I AM an amateur (for some reason, I have originaly written "I am not"... embarassing, sorry) in cryptography so this might be a very basic question.

I am interested to know if there exist ciphers such that if I encrypt a message with it and then lose first say 300 bits then I can't recover any information from the message even if I have the decryption key?

My problem is basically that I don't have any knowledge about existing ciphers and I don't know what to look for on the internet. All I know is that there exists some ciphers with random access read ability so I probably don't want those ones.

SEJPM avatar
us flag
That sounds like an All-Or-Nothing transformation.
kelalaka avatar
in flag
A simple modification of CBC can handle this, the IV for each block is the x-or of all previous ciphertext blocks. Though it will be very inefficient.
Maarten Bodewes avatar
in flag
@kelalaka That's symmetric encryption, asymmetric encryption is asked for in the title.
kelalaka avatar
in flag
@MaartenBodewes do we encrypt with those? It is highly possible that the OP confuses the terms.
kelalaka avatar
in flag
If I read the question again, `I encrypt a message with it and then lose first say 300 bits then I can't recover any information from the message even if I have the decryption key?` I read this as symmetric.
Maarten Bodewes avatar
in flag
If it literally reads "asymmetric" then it is asymmetric until the OP changes the title. I don't see how you can conclude "symmetric" or "asymmetric" from that piece of text. If any it reads "asymmetric" as it talks specially about a "decryption key". And e.g. RSA-OAEP can certainly be used to "encrypt with those", yes.
Score:3
in flag

I guess most asymmetric schemes fall into this. 300 bits is quite a large chunk. Most schemes randomize, if possibly in a specific domain. For instance, removing 300 bits from a randomized RSA ciphertext would mean that the modular exponentiation would return the incorrect response - if it would execute at all (RSA explicitly requires a ciphertext that is the same size as the modulus size in bytes). Guessing 300 bits of what is essentially randomized data is computationally infeasible.

Note that if you'd use a deterministic scheme then you could try and guess the plaintext message, and then test if it generates the same ciphertext, after which you could decrypt. Generally we don't use deterministic schemes though.

Similarly, if you'd remove the entire ephemeral DH public key within an hybrid IES scheme then the receiver would not be able to calculate the (symmetric) secret used to encrypt the data.

For hybrid encryption an all-or-nothing transform could also be used, as indicated in the comment section.


Beware that there are many protocols and container formats out there. It is very possible that you remove 300 bits or 37 / 38 bytes from those and still be able to decrypt if you miss the actual ciphertext or an important part of header required derive the actual decryption key.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.