MEGA: Malleable Encryption Goes Awry
Published in IEEE Symposium on Security and Privacy, 2023
We show that the cryptographic design of the cloud storage system MEGA does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files.
Recommended citation: Matilda Backendal, Miro Haller and Kenneth G. Paterson. (2023). "MEGA: Malleable Encryption Goes Awry" 44th IEEE Symposium on Security and Privacy. https://eprint.iacr.org/2022/959