ABSTRACT
Notable recent security incidents have generated intense interest in adversaries that attempt to subvert, perhaps covertly, cryptographic algorithms. In this paper we develop (IND-CPA) semantically secure encryption in this challenging setting. This fundamental encryption primitive has been studied previously in the "kleptographic setting," though existing results must relax the model by introducing trusted components or otherwise constraining the subversion power of the adversary: designing a public key system that is kleptographically semantically secure (with minimal trust) has remained elusive to date. In this work, we finally achieve such systems, even when all relevant cryptographic algorithms are subject to adversarial (kleptographic) subversion. To this end we exploit novel inter-component randomized cryptographic checking techniques (with an offline checking component), combined with common and simple software-engineering modular programming techniques (applied at the system's black-box specification level). Moreover, our methodology yields a strong generic technique for preserving the security of any semantically secure cryptosystem when it is incorporated into the strong kleptographic adversary setting.
Index Terms
- Generic Semantic Security against a Kleptographic Adversary