### Subverting Deniability

##### Abstract

Deniable public-key encryption (DPKE) is a cryptographic primitive that allows the sender of an encrypted message to later claim that they sent a different message. DPKE's threat model assumes powerful adversaries who can coerce users to reveal plaintexts; it is thus reasonable to consider other advanced capabilities, such as the ability to subvert algorithms in a so-called Algorithm Substitution Attack (ASA). An ASA replaces a trusted algorithm with a subverted version that undermines security from the point of view of the adversary while remaining undetected by users. ASAs have been considered against a number of primitives including digital signatures, symmetric encryption and pseudo-random generators. However, public-key encryption has presented a less fruitful target, as the sender's only secrets are plaintexts and ASA techniques generally do not provide sufficient bandwidth to leak these. In this work, we show that subversion attacks against deniable encryption schemes present an attractive opportunity for an adversary. We note that whilst the notion is widely accepted, there are as yet no practical deniable PKE schemes; we demonstrate the feasibility of ASAs targeting deniable encryption using a representative scheme as a proof of concept. We also provide a formal model and discuss how to mitigate ASAs targeting deniable PKE schemes. Our results strengthen the security model for deniable encryption and highlight the necessity of considering subversion in the design of practical schemes.

Category: Attacks and cryptanalysis
Publication info: Published elsewhere. Provable and Practical Security
Keywords: Deniable Encryption, Algorithm Substitution Attacks
Contact author(s): marcel armour 2017 @ rhul ac uk; Elizabeth quaglia @ rhul ac uk
History: 2022-10-23: approved
Short URL: https://ia.cr/2022/1405

CC BY

BibTeX

@misc{cryptoeprint:2022/1405,
author = {Marcel Armour and Elizabeth A. Quaglia},
title = {Subverting Deniability},
howpublished = {Cryptology ePrint Archive, Paper 2022/1405},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/1405}},
url = {https://eprint.iacr.org/2022/1405}
}
