Definition
Malleability is the characteristic of some data or cryptographic elements (e.g., digital signatures or encrypted messages) to be altered by an unauthorized actor without modifying the underlying data.
It is a significant security risk as it could allow attackers to interfere with data and potentially create fraudulent transactions or exploit vulnerabilities without being detected. So, addressing and mitigating malleability issues can help ensure the trustworthiness and integrity of digital systems and communications.
How Malleability Works
- Encryption changes data into a gibberish format, which is impossible to read without a proper decryption key.
- In some encryption techniques, ciphertext alterations can occur without changing the underlying data. For instance, a hacker can intercept an encrypted message and change specific blocks and bits without having the encryption key, altering the ciphertext.
- The recipient might receive a meaningful but modified plaintext, which is a security concern.
Malleable Encryption Modes
- Cipher Feedback (CFB) mode converts a block cipher to function as a self-synchronizing stream cipher. It also includes feedback from the preceding ciphertext blocks into the encryption process, which could introduce malleability in some situations.
- Cipher Block Chaining (CBC) is vulnerable to malleability. This is because it encrypts each block separately and uses the results of the previous block to encrypt the next block. The chaining of blocks can cause malleability.
- Output Feedback (OFB) mode changes a block cipher into a synchronous cipher. It also uses feedback from the previous ciphertext blocks, which could introduce malleability.