{"id":"https://openalex.org/W4384948645","doi":"https://doi.org/10.1109/sp46215.2023.10179290","title":"MEGA: Malleable Encryption Goes Awry","display_name":"MEGA: Malleable Encryption Goes Awry","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4384948645","doi":"https://doi.org/10.1109/sp46215.2023.10179290"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179290","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179290","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052939319","display_name":"Matilda Backendal","orcid":"https://orcid.org/0000-0002-8677-8301"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"Matilda Backendal","raw_affiliation_strings":["ETH Zurich,Zurich,Switzerland","ETH Zurich, Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Zurich,Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039065303","display_name":"Miro Haller","orcid":"https://orcid.org/0000-0001-8796-5064"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Miro Haller","raw_affiliation_strings":["ETH Zurich,Zurich,Switzerland","ETH Zurich, Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Zurich,Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072987600","display_name":"Kenneth G. Paterson","orcid":"https://orcid.org/0000-0002-5145-4489"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Kenneth G. Paterson","raw_affiliation_strings":["ETH Zurich,Zurich,Switzerland","ETH Zurich, Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Zurich,Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5052939319"],"corresponding_institution_ids":["https://openalex.org/I35440088"],"apc_list":null,"apc_paid":null,"fwci":2.7941,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.92307232,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"146","last_page":"163"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mega","display_name":"Mega-","score":0.829775869846344},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7517837882041931},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6589639782905579},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.645889401435852},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6399039626121521},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.48966386914253235},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4863331913948059},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.4601694941520691},{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.4488362669944763},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10312193632125854},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.08373242616653442}],"concepts":[{"id":"https://openalex.org/C2781078984","wikidata":"https://www.wikidata.org/wiki/Q107205","display_name":"Mega-","level":2,"score":0.829775869846344},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7517837882041931},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6589639782905579},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.645889401435852},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6399039626121521},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.48966386914253235},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4863331913948059},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.4601694941520691},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.4488362669944763},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10312193632125854},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.08373242616653442},{"id":"https://openalex.org/C1276947","wikidata":"https://www.wikidata.org/wiki/Q333","display_name":"Astronomy","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179290","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179290","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6499999761581421}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W10068438","https://openalex.org/W13103650","https://openalex.org/W1511886987","https://openalex.org/W1523982624","https://openalex.org/W1552695147","https://openalex.org/W1554501433","https://openalex.org/W1587518092","https://openalex.org/W1802259427","https://openalex.org/W1855109561","https://openalex.org/W2001759130","https://openalex.org/W2141040012","https://openalex.org/W2149789050","https://openalex.org/W2157999631","https://openalex.org/W2270478131","https://openalex.org/W2652008166","https://openalex.org/W2794517056","https://openalex.org/W2795336163","https://openalex.org/W2806424702","https://openalex.org/W2883822506","https://openalex.org/W2888928781","https://openalex.org/W2907549405","https://openalex.org/W2984020543","https://openalex.org/W3008193986","https://openalex.org/W3113657007","https://openalex.org/W4213130208","https://openalex.org/W4226115581","https://openalex.org/W4245236482","https://openalex.org/W4308391724","https://openalex.org/W6600519307","https://openalex.org/W6605395062","https://openalex.org/W6607578086","https://openalex.org/W6637027414","https://openalex.org/W6638489149","https://openalex.org/W6677105317","https://openalex.org/W6677472073","https://openalex.org/W6776162374","https://openalex.org/W6778139103","https://openalex.org/W6786235161","https://openalex.org/W6787187974","https://openalex.org/W6788321694"],"related_works":["https://openalex.org/W4387497383","https://openalex.org/W3183948672","https://openalex.org/W3173606202","https://openalex.org/W3110381201","https://openalex.org/W2948807893","https://openalex.org/W2935909890","https://openalex.org/W2778153218","https://openalex.org/W2758277628","https://openalex.org/W1531601525","https://openalex.org/W2801622120"],"abstract_inverted_index":{"MEGA":[0,19,39,58,63,162],"is":[1,27,54,116,165],"a":[2,76,86,101,190],"leading":[3],"cloud":[4],"storage":[5],"platform":[6],"with":[7],"more":[8],"than":[9],"250":[10],"million":[11],"users":[12,59],"and":[13,34,163],"1000":[14],"Petabytes":[15],"of":[16,44,72,79,82,104,107,113,128,136,143,148,193,196],"stored":[17],"data.":[18],"claims":[20],"to":[21,50,56,118,161],"offer":[22],"user-controlled,":[23],"end-to-end":[24],"security.":[25],"This":[26,53],"achieved":[28],"by":[29,62,66],"having":[30],"all":[31,133,144,157],"data":[32,115],"encryption":[33],"decryption":[35],"operations":[36],"done":[37],"on":[38],"clients,":[40],"under":[41,202],"the":[42,105,111,119,137,145,149,194],"control":[43,71],"keys":[45],"that":[46,121],"are":[47,152],"only":[48],"available":[49],"those":[51],"clients.":[52],"intended":[55],"protect":[57],"from":[60],"attacks":[61,94,151,169],"itself,":[64],"or":[65],"adversaries":[67],"who":[68],"have":[69,156],"taken":[70],"MEGA\u2019s":[73,80,174],"infrastructure.We":[74],"provide":[75,189],"detailed":[77],"analysis":[78],"use":[81],"cryptography":[83],"in":[84,173],"such":[85],"malicious":[87,126],"server":[88],"setting.":[89],"We":[90,139,177,187],"present":[91,178],"five":[92,150],"distinct":[93],"against":[95],"MEGA,":[96],"which":[97,131],"together":[98],"allow":[99],"for":[100],"full":[102],"compromise":[103],"confidentiality":[106],"user":[108,114],"files.":[109],"Additionally,":[110],"integrity":[112],"damaged":[117],"extent":[120],"an":[122],"attacker":[123],"can":[124],"insert":[125],"files":[127],"their":[129],"choice":[130],"pass":[132],"authenticity":[134],"checks":[135],"client.":[138],"built":[140],"proof-of-concept":[141],"versions":[142],"attacks.":[146],"Four":[147],"eminently":[153],"practical.":[154],"They":[155],"been":[158],"responsibly":[159],"disclosed":[160],"remediation":[164],"underway.Taken":[166],"together,":[167],"our":[168],"highlight":[170],"significant":[171],"shortcomings":[172],"cryptographic":[175,197],"architecture.":[176],"immediately":[179],"deployable":[180],"countermeasures,":[181],"as":[182,184],"well":[183],"longer-term":[185],"recommendations.":[186],"also":[188],"broader":[191],"discussion":[192],"challenges":[195],"deployment":[198],"at":[199],"massive":[200],"scale":[201],"strong":[203],"threat":[204],"models.":[205]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":3}],"updated_date":"2026-02-25T23:00:34.991745","created_date":"2025-10-10T00:00:00"}