Subvert KEM to break DEM: practical algorithm-substitution attacks on public-key encryption

R Chen, X Huang, M Yung - … 2020: 26th International Conference on the …, 2020 - Springer
Motivated by the currently widespread concern about mass surveillance of encrypted
communications, Bellare et al. introduced at CRYPTO 2014 the notion of Algorithm …

Practical algorithm substitution attacks on real-world public-key cryptosystems

H Jiang, J Han, Z Zhang, Z Ma… - IEEE Transactions on …, 2023 - ieeexplore.ieee.org
The revelations about massive surveillance have created significant interest in algorithm
substitution attack (ASA), where an honest implementation of a cryptographic primitive is …

Subversion-resilient public key encryption with practical watchdogs

P Bemmann, R Chen, T Jager - IACR International Conference on Public …, 2021 - Springer
Restoring the security of maliciously implemented cryptosystems has been widely
considered challenging due to the fact that the subverted implementation could arbitrarily …

Cryptographic reverse firewalls for interactive proof systems

C Ganesh, B Magri, D Venturi - Theoretical Computer Science, 2021 - Elsevier
We study interactive proof systems (IPSes) in a strong adversarial setting where the
machines of honest parties might be corrupted and under control of the adversary. Our aim …

Algorithm substitution attacks: State reset detection and asymmetric modifications

P Hodges, D Stebila - IACR Transactions on Symmetric Cryptology, 2021 - tosc.iacr.org
In this paper, we study algorithm substitution attacks (ASAs), where an algorithm in a
cryptographic scheme is substituted for a subverted version. First, we formalize and study …

Subversion-resilient authenticated encryption without random oracles

P Bemmann, S Berndt, D Diemert, T Eisenbarth… - … Conference on Applied …, 2023 - Springer
In 2013, the Snowden revelations have shown subversion of cryptographic implementations
to be a relevant threat. Since then, the academic community has been pushing the …

Blockchain-based immunization against kleptographic attacks

C Jiang, C Xu, J Chen, K Chen - Science China Information Sciences, 2024 - Springer
Adversarial implementations of cryptographic primitives called kleptographic attacks cause
the leakage of secret information. Subliminal channel attacks are one of the kleptographic …

Key Exchange in the Post-Snowden Era: Universally Composable Subversion-Resilient PAKE

S Chakraborty, L Magliocco, B Magri… - … Conference on the Theory …, 2025 - Springer
Password-Authenticated Key Exchange (PAKE) allows two parties to establish a
common high-entropy secret from a possibly low-entropy pre-shared secret such as a …

Subversion Resilient Hashing: Efficient Constructions and Modular Proofs for Crooked Indifferentiability

R Bhattacharyya, M Nandi… - IEEE Transactions on …, 2023 - ieeexplore.ieee.org
We consider the problem of constructing secure cryptographic hash functions from
subverted ideal primitives. Hash functions are used to instantiate Random Oracles in …

Thinking Inside The Box: Privacy Against Stronger Adversaries

E Chung - arXiv preprint arXiv:2406.16313, 2024 - arxiv.org
In this thesis, we study extensions of statistical cryptographic primitives. In particular we
study leakage-resilient secret sharing, non-malleable extractors, and immunized ideal one …