Cryptology ePrint Archive: Report 2015/748

A More Cautious Approach to Security Against Mass Surveillance

Jean Paul Degabriele and Pooya Farshim and Bertram Poettering

Abstract: At CRYPTO 2014 Bellare, Paterson, and Rogaway (BPR) presented a formal treatment of symmetric encryption in the light of algorithm substitution attacks (ASAs), which may be employed by `big brother' entities for the scope of mass surveillance. Roughly speaking, in ASAs big brother may bias ciphertexts to establish a covert channel to leak vital cryptographic information. In this work, we identify a seemingly benign assumption implicit in BPR's treatment and argue that it artificially (and severely) limits big brother's capabilities. We then demonstrate the critical role that this assumption plays by showing that even a slight weakening of it renders the security notion completely unsatisfiable by any, possibly deterministic and/or stateful, symmetric encryption scheme. We propose a refined security model to address this shortcoming, and use it to restore the positive result of BPR, but caution that this defense does not stop most other forms of covert-channel attacks.

Category / Keywords: secret-key cryptography / mass surveillance, algorithm substitution attack, symmetric encryption, covert channel.

Original Publication (with minor differences): IACR-FSE-2015

Date: received 26 Jul 2015, last revised 7 Aug 2015

Contact author: jpdega at gmail com, pooya farshim@gmail com, bertram poettering@rhul ac uk

Available format(s): PDF | BibTeX Citation

Version: 20150807:100741 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]