Paper 2022/1405
Subverting Deniability
Abstract
Deniable public-key encryption (DPKE) is a cryptographic primitive that allows the sender of an encrypted message to later claim that they sent a different message. DPKE's threat model assumes powerful adversaries who can coerce users to reveal plaintexts; it is thus reasonable to consider other advanced capabilities, such as the ability to subvert algorithms in a so-called Algorithm Substitution Attack (ASA). An ASA replaces a trusted algorithm with a subverted version that undermines security from the point of view of the adversary while remaining undetected by users. ASAs have been considered against a number of primitives including digital signatures, symmetric encryption and pseudo-random generators. However, public-key encryption has presented a less fruitful target, as the sender's only secrets are plaintexts and ASA techniques generally do not provide sufficient bandwidth to leak these. In this work, we show that subversion attacks against deniable encryption schemes present an attractive opportunity for an adversary. We note that whilst the notion is widely accepted, there are as yet no practical deniable PKE schemes; we demonstrate the feasibility of ASAs targeting deniable encryption using a representative scheme as a proof of concept. We also provide a formal model and discuss how to mitigate ASAs targeting deniable PKE schemes. Our results strengthen the security model for deniable encryption and highlight the necessity of considering subversion in the design of practical schemes.
Metadata
- Category: Attacks and cryptanalysis
- Publication info: Published elsewhere. Provable and Practical Security
- Keywords: Deniable Encryption, Algorithm Substitution Attacks
- Contact author(s):
  marcel armour 2017 @ rhul ac uk
  Elizabeth quaglia @ rhul ac uk
- History:
  - 2022-10-23: approved
  - 2022-10-16: received
- Short URL: https://ia.cr/2022/1405
- License: CC BY
BibTeX
@misc{cryptoeprint:2022/1405,
      author = {Marcel Armour and Elizabeth A. Quaglia},
      title = {Subverting Deniability},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1405},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1405}
}