Abstract
Deniable public-key encryption (DPKE) is a cryptographic primitive that allows the sender of an encrypted message to later claim that they sent a different message. DPKE's threat model assumes powerful adversaries who can coerce users to reveal plaintexts; it is thus reasonable to consider other advanced capabilities, such as being able to subvert algorithms in a so-called Algorithm Substitution Attack (ASA). ASAs have been considered against a number of primitives including digital signatures, symmetric encryption and pseudo-random generators. However, public-key encryption has presented a less fruitful target, as the sender's only secrets are plaintexts and ASA techniques generally do not provide sufficient bandwidth to leak these.
In this article, we give a formal model of ASAs against DPKE, and argue that subversion attacks against DPKE schemes present an attractive opportunity for an adversary. Our results strengthen the security model for DPKE and highlight the necessity of considering subversion in the design of practical schemes.
In this article, we give a formal model of ASAs against DPKE, and argue that subversion attacks against DPKE schemes present an attractive opportunity for an adversary. Our results strengthen the security model for DPKE and highlight the necessity of considering subversion in the design of practical schemes.
Original language | English |
---|---|
Pages | 52-59 |
Number of pages | 8 |
DOIs | |
Publication status | Published - 7 Nov 2022 |
Event | The 16th Conference on Provable and Practical Security - Nanjing, China Duration: 11 Nov 2022 → 12 Nov 2022 Conference number: 16 |
Conference
Conference | The 16th Conference on Provable and Practical Security |
---|---|
Abbreviated title | ProvSec |
Country/Territory | China |
City | Nanjing |
Period | 11/11/22 → 12/11/22 |
Keywords
- cryptography
- deniable encryption
- algorithm substitution attacks