TY - GEN
T1 - Public immunization against complete subversion without random oracles
AU - Ateniese, Giuseppe
AU - Francati, Danilo
AU - Magri, Bernardo
AU - Venturi, Daniele
N1 - Funding Information:
B. Magri—The author was supported by the Concordium Blockchain Research Center, Aarhus University, Denmark.
Publisher Copyright:
© Springer Nature Switzerland AG 2019.
PY - 2019
Y1 - 2019
N2 - We seek constructions of general-purpose immunizers that take arbitrary cryptographic primitives, and transform them into ones that withstand a powerful “malicious but proud” adversary, who attempts to break security by possibly subverting the implementation of all algorithms (including the immunizer itself!), while trying not to be detected. This question is motivated by the recent evidence of cryptographic schemes being intentionally weakened, or designed together with hidden backdoors, e.g., with the scope of mass surveillance. Our main result is a subversion-secure immunizer in the plain model (assuming collision-resistant hashing) that works for a fairly large class of deterministic primitives, i.e., cryptoschemes where a secret (but tamperable) random source is used to generate the keys and the public parameters, whereas all other algorithms are deterministic. The immunizer relies on an additional independent source of public randomness, which is used to sample a public seed. While the public source is untamperable, the subversion of all other algorithms is allowed to depend on it. Previous work in the area only obtained subversion-secure immunization for very restricted classes of primitives, often in weaker models of subversion and relying on random oracles, or by leveraging a higher number of independent random sources.
UR - http://www.scopus.com/inward/record.url?scp=85067236890&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-21568-2_23
DO - 10.1007/978-3-030-21568-2_23
M3 - Conference contribution
AN - SCOPUS:85067236890
SN - 9783030215675
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 465
EP - 485
BT - Applied Cryptography and Network Security - 17th International Conference, ACNS 2019, Proceedings
A2 - Gauthier-Umaña, Valérie
A2 - Deng, Robert H.
A2 - Yung, Moti
A2 - Ochoa, Martín
PB - Springer-Verlag Italia
T2 - 17th International Conference on Applied Cryptography and Network Security, ACNS 2019
Y2 - 5 June 2019 through 7 June 2019
ER -