Cryptographic reverse firewalls for interactive proof systems

Chaya Ganesh; Bernardo Magri; Daniele Venturi

doi:10.4230/LIPIcs.ICALP.2020.55

Cryptographic reverse firewalls for interactive proof systems

Chaya Ganesh, Bernardo Magri, Daniele Venturi

Systems and Software Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We study interactive proof systems (IPSes) in a strong adversarial setting where the machines of honest parties might be corrupted and under control of the adversary. Our aim is to answer the following, seemingly paradoxical, questions: Can Peggy convince Vic of the veracity of an NP statement, without leaking any information about the witness even in case Vic is malicious and Peggy does not trust her computer? Can we avoid that Peggy fools Vic into accepting false statements, even if Peggy is malicious and Vic does not trust her computer? At EUROCRYPT 2015, Mironov and Stephens-Davidowitz introduced cryptographic reverse firewalls (RFs) as an attractive approach to tackling such questions. Intuitively, a RF for Peggy/Vic is an external party that sits between Peggy/Vic and the outside world and whose scope is to sanitize Peggy's/Vic's incoming and outgoing messages in the face of subversion of her/his computer, e.g. in order to destroy subliminal channels. In this paper, we put forward several natural security properties for RFs in the concrete setting of IPSes. As our main contribution, we construct efficient RFs for different IPSes derived from a large class of Sigma protocols that we call malleable. A nice feature of our design is that it is completely transparent, in the sense that our RFs can be directly applied to already deployed IPSes, without the need to re-implement them.

Original language	English
Title of host publication	47th International Colloquium on Automata, Languages, and Programming, ICALP 2020
Editors	Artur Czumaj, Anuj Dawar, Emanuela Merelli
Publisher	Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
Pages	1-16
Number of pages	16
ISBN (Electronic)	9783959771382
ISBN (Print)	9783959771382
DOIs	https://doi.org/10.4230/LIPIcs.ICALP.2020.55
Publication status	Published - 29 Jun 2020
Event	47th International Colloquium on Automata, Languages, and Programming, ICALP 2020 - Virtual, Online, Germany Duration: 8 Jul 2020 → 11 Jul 2020

Publication series

Name	Leibniz International Proceedings in Informatics, LIPIcs
Volume	168
ISSN (Print)	1868-8969

Conference

Conference	47th International Colloquium on Automata, Languages, and Programming, ICALP 2020
Country/Territory	Germany
City	Virtual, Online
Period	8/07/20 → 11/07/20

Keywords

algorithm substitution attacks
cryptographic reverse firewalls
interactive proofs
subversion
zero knowledge

Access to Document

10.4230/LIPIcs.ICALP.2020.55

Cite this

Ganesh, C., Magri, B., & Venturi, D. (2020). Cryptographic reverse firewalls for interactive proof systems. In A. Czumaj, A. Dawar, & E. Merelli (Eds.), 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020 (pp. 1-16). Article 55 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 168). Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/LIPIcs.ICALP.2020.55

Ganesh, Chaya ; Magri, Bernardo ; Venturi, Daniele. / Cryptographic reverse firewalls for interactive proof systems. 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020. editor / Artur Czumaj ; Anuj Dawar ; Emanuela Merelli. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 2020. pp. 1-16 (Leibniz International Proceedings in Informatics, LIPIcs).

@inproceedings{0c312a5bf44149ff8f7354835784dae2,

title = "Cryptographic reverse firewalls for interactive proof systems",

abstract = "We study interactive proof systems (IPSes) in a strong adversarial setting where the machines of honest parties might be corrupted and under control of the adversary. Our aim is to answer the following, seemingly paradoxical, questions: Can Peggy convince Vic of the veracity of an NP statement, without leaking any information about the witness even in case Vic is malicious and Peggy does not trust her computer? Can we avoid that Peggy fools Vic into accepting false statements, even if Peggy is malicious and Vic does not trust her computer? At EUROCRYPT 2015, Mironov and Stephens-Davidowitz introduced cryptographic reverse firewalls (RFs) as an attractive approach to tackling such questions. Intuitively, a RF for Peggy/Vic is an external party that sits between Peggy/Vic and the outside world and whose scope is to sanitize Peggy's/Vic's incoming and outgoing messages in the face of subversion of her/his computer, e.g. in order to destroy subliminal channels. In this paper, we put forward several natural security properties for RFs in the concrete setting of IPSes. As our main contribution, we construct efficient RFs for different IPSes derived from a large class of Sigma protocols that we call malleable. A nice feature of our design is that it is completely transparent, in the sense that our RFs can be directly applied to already deployed IPSes, without the need to re-implement them.",

keywords = "algorithm substitution attacks, cryptographic reverse firewalls, interactive proofs, subversion, zero knowledge",

author = "Chaya Ganesh and Bernardo Magri and Daniele Venturi",

note = "Funding Information: Funding Bernardo Magri: This work was supported by Concordium Blockchain Research Center, Aarhus University, Denmark. Publisher Copyright: {\textcopyright} Chaya Ganesh, Bernardo Magri, and Daniele Venturi; licensed under Creative Commons License CC-BY 47th International Colloquium on Automata, Languages, and Programming (ICALP 2020).; 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020 ; Conference date: 08-07-2020 Through 11-07-2020",

year = "2020",

month = jun,

day = "29",

doi = "10.4230/LIPIcs.ICALP.2020.55",

language = "English",

isbn = "9783959771382",

series = "Leibniz International Proceedings in Informatics, LIPIcs",

publisher = "Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing",

pages = "1--16",

editor = "Artur Czumaj and Anuj Dawar and Emanuela Merelli",

booktitle = "47th International Colloquium on Automata, Languages, and Programming, ICALP 2020",

address = "Germany",

}

Ganesh, C, Magri, B & Venturi, D 2020, Cryptographic reverse firewalls for interactive proof systems. in A Czumaj, A Dawar & E Merelli (eds), 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020., 55, Leibniz International Proceedings in Informatics, LIPIcs, vol. 168, Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, pp. 1-16, 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020, Virtual, Online, Germany, 8/07/20. https://doi.org/10.4230/LIPIcs.ICALP.2020.55

Cryptographic reverse firewalls for interactive proof systems. / Ganesh, Chaya; Magri, Bernardo; Venturi, Daniele.
47th International Colloquium on Automata, Languages, and Programming, ICALP 2020. ed. / Artur Czumaj; Anuj Dawar; Emanuela Merelli. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 2020. p. 1-16 55 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 168).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Cryptographic reverse firewalls for interactive proof systems

AU - Ganesh, Chaya

AU - Magri, Bernardo

AU - Venturi, Daniele

N1 - Funding Information: Funding Bernardo Magri: This work was supported by Concordium Blockchain Research Center, Aarhus University, Denmark. Publisher Copyright: © Chaya Ganesh, Bernardo Magri, and Daniele Venturi; licensed under Creative Commons License CC-BY 47th International Colloquium on Automata, Languages, and Programming (ICALP 2020).

PY - 2020/6/29

Y1 - 2020/6/29

N2 - We study interactive proof systems (IPSes) in a strong adversarial setting where the machines of honest parties might be corrupted and under control of the adversary. Our aim is to answer the following, seemingly paradoxical, questions: Can Peggy convince Vic of the veracity of an NP statement, without leaking any information about the witness even in case Vic is malicious and Peggy does not trust her computer? Can we avoid that Peggy fools Vic into accepting false statements, even if Peggy is malicious and Vic does not trust her computer? At EUROCRYPT 2015, Mironov and Stephens-Davidowitz introduced cryptographic reverse firewalls (RFs) as an attractive approach to tackling such questions. Intuitively, a RF for Peggy/Vic is an external party that sits between Peggy/Vic and the outside world and whose scope is to sanitize Peggy's/Vic's incoming and outgoing messages in the face of subversion of her/his computer, e.g. in order to destroy subliminal channels. In this paper, we put forward several natural security properties for RFs in the concrete setting of IPSes. As our main contribution, we construct efficient RFs for different IPSes derived from a large class of Sigma protocols that we call malleable. A nice feature of our design is that it is completely transparent, in the sense that our RFs can be directly applied to already deployed IPSes, without the need to re-implement them.

AB - We study interactive proof systems (IPSes) in a strong adversarial setting where the machines of honest parties might be corrupted and under control of the adversary. Our aim is to answer the following, seemingly paradoxical, questions: Can Peggy convince Vic of the veracity of an NP statement, without leaking any information about the witness even in case Vic is malicious and Peggy does not trust her computer? Can we avoid that Peggy fools Vic into accepting false statements, even if Peggy is malicious and Vic does not trust her computer? At EUROCRYPT 2015, Mironov and Stephens-Davidowitz introduced cryptographic reverse firewalls (RFs) as an attractive approach to tackling such questions. Intuitively, a RF for Peggy/Vic is an external party that sits between Peggy/Vic and the outside world and whose scope is to sanitize Peggy's/Vic's incoming and outgoing messages in the face of subversion of her/his computer, e.g. in order to destroy subliminal channels. In this paper, we put forward several natural security properties for RFs in the concrete setting of IPSes. As our main contribution, we construct efficient RFs for different IPSes derived from a large class of Sigma protocols that we call malleable. A nice feature of our design is that it is completely transparent, in the sense that our RFs can be directly applied to already deployed IPSes, without the need to re-implement them.

KW - algorithm substitution attacks

KW - cryptographic reverse firewalls

KW - interactive proofs

KW - subversion

KW - zero knowledge

UR - http://www.scopus.com/inward/record.url?scp=85089343425&partnerID=8YFLogxK

UR - https://www.mendeley.com/catalogue/112f7ead-be92-3766-895d-50141aacac7d/

U2 - 10.4230/LIPIcs.ICALP.2020.55

DO - 10.4230/LIPIcs.ICALP.2020.55

M3 - Conference contribution

AN - SCOPUS:85089343425

SN - 9783959771382

T3 - Leibniz International Proceedings in Informatics, LIPIcs

SP - 1

EP - 16

BT - 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020

A2 - Czumaj, Artur

A2 - Dawar, Anuj

A2 - Merelli, Emanuela

PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing

T2 - 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020

Y2 - 8 July 2020 through 11 July 2020

ER -

Ganesh C, Magri B, Venturi D. Cryptographic reverse firewalls for interactive proof systems. In Czumaj A, Dawar A, Merelli E, editors, 47th International Colloquium on Automata, Languages, and Programming, ICALP 2020. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. 2020. p. 1-16. 55. (Leibniz International Proceedings in Informatics, LIPIcs). doi: 10.4230/LIPIcs.ICALP.2020.55

Cryptographic reverse firewalls for interactive proof systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this