Journal
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Volume 18, Issue -, Pages 5069-5081
Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2023.3304124
Keywords
Algorithm substitution attack; randomized algorithm; public-key cryptography
This paper discusses algorithm substitution attacks (ASAs), in which the honest implementation of a cryptographic primitive is replaced by a subverted one that helps an adversary break cryptographic security. The authors present a practical and undetectable substitution method for a general randomized algorithm and demonstrate a series of ASAs on core primitives in public-key cryptography. These attacks are universal in that they do not rely on the internal description of the underlying cryptographic algorithm, and they have practical implications for widely deployed cryptographic standards as well as the ongoing NIST post-quantum standards.
The revelations about massive surveillance have created significant interest in algorithm substitution attacks (ASAs), where an honest implementation of a cryptographic primitive is replaced by a subverted one that can help big brother break cryptographic security while generating output indistinguishable from the honest output. The currently known ASAs on public-key cryptography are either dedicated to a specific type of concrete construction with particular internal structure, or restrictive when applied to real-world cryptographic standards (Ateniese et al., ACM CCS'15; Russell et al., ACM CCS'17; Chen et al., ASIACRYPT'20). In this paper, we first present a practical undetectable substitution for a general randomized algorithm with a certain structure, such that the randomness can be revealed to big brother. Then, instantiating this randomized algorithm, we present a series of ASAs on core primitives in public-key cryptography, including public-key encryption, key encapsulation mechanisms, key exchange, and digital signatures. In particular, our ASAs are universal in the sense that they do not rely on the internal description of the underlying cryptographic algorithm. Moreover, our ASAs are also practical, since they can affect not only the widely deployed cryptographic standards but also the ongoing NIST post-quantum standards.