International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 30 July 2015

Jean Paul Degabriele, Pooya Farshim, Bertram Poettering
ePrint Report ePrint Report
At CRYPTO 2014 Bellare, Paterson, and Rogaway (BPR) presented a formal treatment of symmetric encryption in the light of algorithm substitution attacks (ASAs), which may be employed by `big brother\' entities for the scope of mass surveillance. Roughly speaking, in ASAs big brother may bias ciphertexts to establish a covert channel to leak vital cryptographic information. In this work, we identify a seemingly benign assumption implicit in BPR\'s treatment and argue that it artificially (and severely) limits big brother\'s capabilities. We then demonstrate the critical role that this assumption plays by showing that even a slight weakening of it renders the security notion completely unsatisfiable by any, possibly deterministic and/or stateful, symmetric encryption scheme. We propose a refined security model to address this shortcoming, and use it to restore the positive result of BPR, but caution that this defense does not stop most other forms of covert-channel attacks.

Expand

Additional news items may be found on the IACR news page.