web02.fireside.fm Sat, 25 Apr 2026 15:37:39 -0500 Fireside (https://fireside.fm) Cryptography FM - Episodes Tagged with “Authenticated Encryption” https://cryptography.fireside.fm/tags/authenticated%20encryption Tue, 01 Dec 2020 16:00:00 +0100 Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM. en-us episodic In-depth, substantive discussions on the latest news and research in applied cryptography. Symbolic Software Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM. no cryptography Symbolic Software nadim@symbolic.software Episode 10: Exploiting Authenticated Encryption Key Commitment! https://cryptography.fireside.fm/10 8be77a94-3f0f-4bb9-add8-18f1fc0fde93 Tue, 01 Dec 2020 16:00:00 +0100 Symbolic Software 10 Episode 10: Exploiting Authenticated Encryption Key Commitment! full Symbolic Software Ange Albertini and Stefan Kölbl discuss how new research from Google, the University of Haifa and Amazon is exploiting authenticated encryption to make a PDF decrypt into... a different PDF. And much more. 46:34 no Authenticated encryption such as AES-GCM or ChaCha20-Poly1305 is used in a wide variety of applications, including potentially in settings for which it was not originally designed. A question given relatively little attention is whether an authenticated encryption scheme guarantees “key commitment”: the notion that ciphertext should decrypt to a valid plaintext only under the key that was used to generate the ciphertext. In reality, however, protocols and applications do rely on key commitment. A new paper by engineers at Google, the University of Haifa and Amazon demonstrates three recent applications where missing key commitment is exploitable in practice. They construct AES-GCM ciphertext which can be decrypted to two plaintexts valid under a wide variety of file formats, such as PDF, Windows executables, and DICOM; and the results may shock you. Links and papers discussed in the show: * How to Abuse and Fix Authenticated Encryption Without Key Commitment (https://eprint.iacr.org/2020/1456) * Mitra, Ange's software tool for generating binary polyglots (https://github.com/corkami/mitra) * Shattered and other research into hash collisions (https://github.com/corkami/collisions) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guests: Ange Albertini and Stefan Kölbl. authenticated encryption Authenticated encryption such as AES-GCM or ChaCha20-Poly1305 is used in a wide variety of applications, including potentially in settings for which it was not originally designed. A question given relatively little attention is whether an authenticated encryption scheme guarantees “key commitment”: the notion that ciphertext should decrypt to a valid plaintext only under the key that was used to generate the ciphertext.

In reality, however, protocols and applications do rely on key commitment. A new paper by engineers at Google, the University of Haifa and Amazon demonstrates three recent applications where missing key commitment is exploitable in practice. They construct AES-GCM ciphertext which can be decrypted to two plaintexts valid under a wide variety of file formats, such as PDF, Windows executables, and DICOM; and the results may shock you.

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Ange Albertini and Stefan Kölbl.

Sponsored By:

]]> Authenticated encryption such as AES-GCM or ChaCha20-Poly1305 is used in a wide variety of applications, including potentially in settings for which it was not originally designed. A question given relatively little attention is whether an authenticated encryption scheme guarantees “key commitment”: the notion that ciphertext should decrypt to a valid plaintext only under the key that was used to generate the ciphertext.

In reality, however, protocols and applications do rely on key commitment. A new paper by engineers at Google, the University of Haifa and Amazon demonstrates three recent applications where missing key commitment is exploitable in practice. They construct AES-GCM ciphertext which can be decrypted to two plaintexts valid under a wide variety of file formats, such as PDF, Windows executables, and DICOM; and the results may shock you.

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Ange Albertini and Stefan Kölbl.

Sponsored By:

]]>