Motivated by the currently widespread concern about mass surveillance of encrypted
communications, Bellare et al. introduced at CRYPTO 2014 the notion of Algorithm …

The revelations about massive surveillance have created significant interest in algorithm
substitution attack (ASA), where an honest implementation of a cryptographic primitive is …

Abstract In ASIACRYPT 2016, Bellare, Fuchsbauer and Scafuro studied security of non-
interactive zero-knowledge (NIZK) arguments in the face of parameter subversion. They …

In the setting of subversion, an adversary tampers with the machines of the honest parties
thus leaking the honest parties' secrets through the protocol transcript. The work of Mironov …

Zk-SNARKs, as the most efficient NIZK arguments in terms of proof size and verification, are
ubiquitously deployed in practice. In applications like Hawk [S&P'16], Gyges [CCS'16] …

We study interactive proof systems (IPSes) in a strong adversarial setting where the
machines of honest parties might be corrupted and under control of the adversary. Our aim …

We seek constructions of general-purpose immunizers that take arbitrary cryptographic
primitives, and transform them into ones that withstand a powerful “malicious but proud” …

We study Multi-party computation (MPC) in the setting of subversion, where the adversary
tampers with the machines of honest parties. Our goal is to construct actively secure MPC …

We provide a formal treatment of security of digital signatures against subversion attacks
(SAs). Our model of subversion generalizes previous work in several directions, and is …

We revisit the well-studied problem of preventing steganographic communication in multi-
party communications. While this is known to be a provably impossible task, we propose a …