Breaking The Unbreakable: Meet Malleable Encryption Goes Awry

As an academic, I spend a good amount of time reading papers and I love solving cryptography puzzles. So when a paper drops that cracks the encryption on a Cloud-based platform, it’s a dream to read and discover new ways to crack cryptography, and how old ways can still be applied. I appreciate it is not good for the systems involved, but it does highlight how poor some of our designs around encryption can be.

The paper is written by researchers at ETH Zurich [paper][Web]:

The analysis relates to MEGA, and which is a massive cloud infrastructure which uses User-Controlled end-to-end Encryption (UCE), with over 250 million registered users and 1000 PB of stored data. Overall, the paper does not have just one attack, but five:

• RSA Key Recovery: This recovers a user’s private key using 512 attempted logins.
• Plaintext Recovery: This recovers all the related encryption key material, and which can be used to decrypt all of the communications and files related to a user.
• Framing: This can create files within a user’s storage area, and which cannot be differentiated from the ones…