Cryptology ePrint Archive: Report 2020/986

The MALICIOUS Framework: Embedding Backdoors into Tweakable Block Ciphers

Thomas Peyrin and Haoyang Wang

Abstract: Inserting backdoors into encryption algorithms has long seemed an interesting yet difficult problem. For symmetric-key primitives most attempts have so far been unsuccessful, and how to build such ciphers remains an open problem.

In this work, we propose the MALICIOUS framework, a new method to build tweakable block ciphers with hidden backdoors that allow whoever knows them to retrieve the secret key. Our backdoor is differential in nature: a specific related-tweak differential path with high probability is hidden during the design phase of the cipher. We explain how any entity knowing the backdoor can practically recover the secret key of a user, and we also argue why even knowing that the backdoor is present and how the cipher works will not permit an external user to retrieve it. We analyze the security of our construction in the classical black-box model and show that retrieving the backdoor (the hidden high-probability differential path) is very difficult.

We instantiate our framework by proposing the LowMC-M construction, a new family of tweakable block ciphers based on instances of the LowMC cipher, which allows such backdoor embedding. Generating LowMC-M instances is trivial, and the LowMC-M family has essentially the same efficiency as the LowMC instances it is based on.
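The abstract describes the backdoor only at a high level: a related-tweak differential path of high probability, known to the designer alone, whose holder can recover the secret key with ordinary chosen-plaintext/tweak queries. The toy below is an added example, not LowMC-M and not the paper's construction, and it does not reproduce how the MALICIOUS framework hides the path; it shows the key-recovery mechanics on a constructed 16-bit, 4-round tweakable SPN built from the PRESENT S-box, a PRESENT-style bit permutation, a hash-derived key schedule and a GF(2)-linear tweak schedule into which a chosen plaintext/tweak difference pair is planted so that the state difference is zero at every S-box input except the last one. In this toy the planted pair could be found by linear algebra over the tweak matrices, which is exactly what the paper's framework is designed to prevent. All constants, names and the backdoor differences are constructed for the example.

```python
"""Toy differential backdoor in a 16-bit, 4-round tweakable SPN (constructed
example; not LowMC-M).  A linear tweak schedule carries a planted pair of
plaintext/tweak differences that cancels before every S-box layer except the
last one, where it injects a known difference.  Knowing the planted differences
is enough to recover the final round key with chosen plaintext/tweak queries."""
import hashlib
import random

ROUNDS = 4

# PRESENT S-box, applied to each of the four nibbles of the 16-bit state.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(v) for v in range(16)]
# PRESENT-style bit permutation: bit i moves to bit 4*i mod 15, bit 15 stays put.
PERM = [(4 * i) % 15 if i < 15 else 15 for i in range(16)]
PERM_INV = [PERM.index(i) for i in range(16)]


def sbox_layer(x, table=SBOX):
    return sum(table[(x >> (4 * j)) & 0xF] << (4 * j) for j in range(4))


def bit_perm(x, table=PERM):
    return sum(((x >> i) & 1) << table[i] for i in range(16))


def round_keys(master_key):
    """Constructed key schedule: ROUNDS+1 16-bit round keys hashed from the master key."""
    return [int.from_bytes(hashlib.sha256(b"toy-ks|%d|" % i + master_key).digest()[:2], "big")
            for i in range(ROUNDS + 1)]


def tweak_term(matrix, tweak):
    """GF(2)-linear tweak schedule: XOR of the columns selected by the set tweak bits."""
    out = 0
    for j in range(16):
        if (tweak >> j) & 1:
            out ^= matrix[j]
    return out


def make_tweak_schedule(delta_p, delta_t, delta_last, seed=2020):
    """Designer side.  Random-looking 16x16 GF(2) matrices M_0..M_{ROUNDS-1} with
    M_0*delta_t = delta_p, M_i*delta_t = 0 for the middle rounds, M_last*delta_t = delta_last,
    so the pair (delta_p, delta_t) gives a zero difference at every S-box input but the last."""
    rng = random.Random(seed)
    targets = [delta_p] + [0] * (ROUNDS - 2) + [delta_last]
    bits = [j for j in range(16) if (delta_t >> j) & 1]
    schedule = []
    for target in targets:
        cols = [rng.getrandbits(16) for _ in range(16)]
        fix = target
        for j in bits[1:]:
            fix ^= cols[j]
        cols[bits[0]] = fix        # one column fixed so the selected columns XOR to target
        schedule.append(cols)
    return schedule


def encrypt(pt, tweak, rks, tsched):
    x = pt
    for i in range(ROUNDS):
        x ^= rks[i] ^ tweak_term(tsched[i], tweak)
        x = bit_perm(sbox_layer(x))
    return x ^ rks[ROUNDS]         # post-whitening key: the attack's target


def recover_last_round_key(oracle, delta_p, delta_t, delta_last, n_pairs=128, seed=1):
    """Backdoor holder side, chosen plaintext/tweak queries only.  The last-round S-box
    input difference equals delta_last with probability 1, so for each nibble keep the
    whitening-key guess under which every pair decrypts to exactly that difference."""
    rng = random.Random(seed)
    pairs = []
    for _ in range(n_pairs):
        p, t = rng.getrandbits(16), rng.getrandbits(16)
        c0, c1 = oracle(p, t), oracle(p ^ delta_p, t ^ delta_t)
        # undo the final bit permutation; the whitening key is permuted the same way
        pairs.append((bit_perm(c0, PERM_INV), bit_perm(c1, PERM_INV)))
    permuted_key = 0
    for j in range(4):
        shift, alpha = 4 * j, (delta_last >> (4 * j)) & 0xF

        def score(k):
            return sum(SBOX_INV[((y0 >> shift) & 0xF) ^ k] ^ SBOX_INV[((y1 >> shift) & 0xF) ^ k] == alpha
                       for y0, y1 in pairs)
        permuted_key |= max(range(16), key=score) << shift
    return bit_perm(permuted_key, PERM)


def demo():
    # Constructed backdoor (plaintext diff, tweak diff, last-round S-box input diff).
    # delta_last avoids nibble differences 0x1 and 0xF: for those the PRESENT S-box lets
    # a wrong key guess (XOR 0x5, resp. 0xF) satisfy every pair as well as the right one.
    delta_p, delta_t, delta_last = 0x8421, 0x6B2D, 0x3A5C
    tsched = make_tweak_schedule(delta_p, delta_t, delta_last)
    rks = round_keys(b"constructed example master key")
    recovered = recover_last_round_key(lambda p, t: encrypt(p, t, rks, tsched),
                                       delta_p, delta_t, delta_last)
    return recovered == rks[ROUNDS], recovered


if __name__ == "__main__":
    ok, key = demo()
    print("recovered final round key 0x%04X: %s" % (key, "correct" if ok else "WRONG"))
```

With the planted pair the final-round S-box input difference is known for every query pair, so the whitening key falls nibble by nibble to 128 chosen-plaintext/tweak queries; a wrong nibble guess fails on a sizeable fraction of the pairs because the PRESENT S-box has differential uniformity 4. Nibble differences 0x1 and 0xF are deliberately absent from the planted last-round difference, since for them a wrong guess (XOR 0x5, resp. 0xF) passes every pair and the nibble cannot be resolved. Only the final round key is recovered here; the toy's hash-based key schedule does not let it be inverted to a master key, which a real attack would handle next.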

Category / Keywords: secret-key cryptography / Tweakable block cipher, Backdoor, Differential cryptanalysis, LowMC-M

Original Publication (with minor differences): IACR-CRYPTO-2020

Date: received 15 Aug 2020, last revised 16 Sep 2020

Contact author: wang1153 at e ntu edu sg

Version: 20200916:082414