Security of symmetric encryption against mass surveillance

M Bellare, KG Paterson, P Rogaway - … , Santa Barbara, CA, USA, August 17 …, 2014 - Springer
Motivated by revelations concerning population-wide surveillance of encrypted
communications, we formalize and investigate the resistance of symmetric encryption …

NIZKs with an untrusted CRS: security in the face of parameter subversion

M Bellare, G Fuchsbauer, A Scafuro - … on the Theory and Application of …, 2016 - Springer
Motivated by the subversion of “trusted” public parameters in mass-surveillance activities,
this paper studies the security of NIZKs in the presence of a maliciously chosen common …

A systematic analysis of the Juniper Dual EC incident

S Checkoway, J Maskiewicz, C Garman… - Proceedings of the …, 2016 - dl.acm.org
In December 2015, Juniper Networks announced multiple security vulnerabilities stemming
from unauthorized code in ScreenOS, the operating system for their NetScreen VPN routers …

Cliptography: Clipping the power of kleptographic attacks

A Russell, Q Tang, M Yung, HS Zhou - … on the Theory and Application of …, 2016 - Springer
Kleptography, introduced 20 years ago by Young and Yung [Crypto'96], considers the (in)
security of malicious implementations (or instantiations) of standard cryptographic primitives …

Mass-surveillance without the state: Strongly undetectable algorithm-substitution attacks

M Bellare, J Jaeger, D Kane - Proceedings of the 22nd ACM SIGSAC …, 2015 - dl.acm.org
We present new algorithm-substitution attacks (ASAs) on symmetric encryption that improve
over prior ones in two ways. First, while prior attacks only broke a sub-class of randomized …

Subversion-resilient signature schemes

G Ateniese, B Magri, D Venturi - Proceedings of the 22nd ACM SIGSAC …, 2015 - dl.acm.org
We provide a formal treatment of security of digital signatures against subversion attacks
(SAs). Our model of subversion generalizes previous work in several directions, and is …

Message transmission with reverse firewalls—secure communication on corrupted machines

Y Dodis, I Mironov, N Stephens-Davidowitz - Annual international …, 2016 - Springer
Suppose Alice wishes to send a message to Bob privately over an untrusted channel.
Cryptographers have developed a whole suite of tools to accomplish this task, with a wide …

Verified correctness and security of mbedTLS HMAC-DRBG

KQ Ye, M Green, N Sanguansin, L Beringer… - Proceedings of the …, 2017 - dl.acm.org
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we
have proved its cryptographic security (that its output is pseudorandom) using a hybrid game …

Generic semantic security against a kleptographic adversary

A Russell, Q Tang, M Yung, HS Zhou - Proceedings of the 2017 ACM …, 2017 - dl.acm.org
Notable recent security incidents have generated intense interest in adversaries which
attempt to subvert (perhaps covertly) cryptographic algorithms. In this paper we develop …

A more cautious approach to security against mass surveillance

JP Degabriele, P Farshim, B Poettering - Fast Software Encryption: 22nd …, 2015 - Springer
At CRYPTO 2014 Bellare, Paterson, and Rogaway (BPR) presented a formal
treatment of symmetric encryption in the light of algorithm substitution attacks (ASAs), which …