Paper 2023/1951

Protection Against Subversion Corruptions via Reverse Firewalls in the plain Universal Composability Framework

Paula Arnold, University of Lübeck
Sebastian Berndt, University of Lübeck
Jörn Müller-Quade, Karlsruhe Institute of Technology
Astrid Ottenhues, Karlsruhe Institute of Technology
Abstract

While many modern cryptographic primitives have stood the test of time, attackers have already begun to expand their attacks beyond classical cryptanalysis by specifically targeting implementations. One of the most well-documented classes of such attacks are subversion (or substitution) attacks, where the attacker replaces the implementation of a cryptographic primitive in an undetectable way, such that the subverted implementation leaks sensitive information of the user during a protocol execution. The Snowden revelations have shown that this is not only a dangerous theoretical attack but one actually deployed by intelligence services. Several possible solutions for protection against these attacks have been proposed in the current literature. Among the most widely studied are cryptographic reverse firewalls, which aim to actively remove the covert channel leaking the secret. While different protocols supporting such firewalls have been proposed, they do not guarantee security in the presence of concurrent runs. This situation was resolved by a recent work of Chakraborty et al. (EUROCRYPT 2022) that presented the first UC model of such firewalls. Their model provides security if a subverted party uses an honest firewall. However, using such a firewall also provides a possible new target for the attacker, and in the case where an honest party uses a corrupted firewall, they were not able to prove any security guarantees. Furthermore, their model is quite complex and does not fit into the plain UC model. Hence, the authors needed to reprove fundamental theorems such as the composition theorem. Finally, the high complexity of their model also makes designing corresponding protocols a challenging task, as one also needs to reprove the security of the underlying protocol.

In this paper, we present a simpler model capturing cryptographic reverse firewalls in the plain UC model. The simplicity of our model also allows us to reason about corrupted firewalls while still maintaining strong security guarantees. Furthermore, we resolve the open question posed by Chakraborty et al. (EUROCRYPT 2022) and by Chakraborty et al. (EUROCRYPT 2023), and present the first direct UC-secure oblivious transfer protocol along with a cryptographic reverse firewall.
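The covert channel and the firewall's countermeasure that the abstract describes can be seen concretely on ElGamal encryption, using the classic re-randomisation construction from the reverse-firewall literature. The following is an added toy example written for this page; it is not the paper's protocol (the paper's subject is a UC model and an oblivious transfer protocol) and it uses deliberately tiny, insecure group parameters (p = 1019, q = 509, g = 4) so that it runs instantly and can be inspected by hand. The subverted encryptor keeps the honest interface and decrypts correctly, but picks its randomness by rejection sampling so that the parity of the first ciphertext component carries one bit of the sender's secret; an attacker who knows the subversion reads the secret off the wire. The reverse firewall, holding only the receiver's public key, multiplies each ciphertext by a fresh encryption of 1, which preserves decryption and replaces the attacker-chosen parity with the firewall's own fresh coin. The secret value, the seed and all messages are constructed for the demonstration.

```python
"""Added illustration for this page: an algorithm-substitution attack on
ElGamal and a re-randomising reverse firewall that removes the leak.
Toy parameters only (p = 1019): not secure, just small enough to inspect."""
import random

# Toy group: safe prime P = 2Q + 1; G = 4 generates the order-Q subgroup
# of quadratic residues, in which all ciphertext components live.
P = 1019
Q = 509
G = 4


def keygen(rng):
    """Receiver's ElGamal key pair (x, h = g^x)."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def encrypt_honest(h, m, rng):
    """Honest ElGamal: fresh uniform r, ciphertext (g^r, m * h^r)."""
    r = rng.randrange(1, Q)
    return pow(G, r, P), (m * pow(h, r, P)) % P


def encrypt_subverted(h, m, rng, leak_bit):
    """Subverted ElGamal: same interface, same correctness, but r is chosen by
    rejection sampling so that the parity of c1 equals the bit the attacker
    wants to exfiltrate.  Each c1 on its own still looks like a uniform group
    element to anyone who does not know the subversion."""
    while True:
        r = rng.randrange(1, Q)
        c1 = pow(G, r, P)
        if c1 & 1 == leak_bit:
            return c1, (m * pow(h, r, P)) % P


def decrypt(x, ct):
    """Standard ElGamal decryption: m = c2 / c1^x."""
    c1, c2 = ct
    return (c2 * pow(pow(c1, x, P), -1, P)) % P


def firewall_rerandomize(h, ct, rng):
    """Reverse firewall between the (possibly subverted) sender and the
    network.  It knows no secrets, only the receiver's public key, and
    multiplies in a fresh encryption of 1: (c1 * g^s, c2 * h^s).  Decryption
    is unchanged, but c1's parity is now the firewall's fresh coin rather than
    the sender's chosen bit, so the covert channel is destroyed."""
    c1, c2 = ct
    s = rng.randrange(1, Q)
    return (c1 * pow(G, s, P)) % P, (c2 * pow(h, s, P)) % P


def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def attacker_read(ciphertexts):
    """Attacker who knows the subversion: one bit per ciphertext from the
    parity of c1, reassembled into bytes (MSB first)."""
    bits = [c1 & 1 for c1, _ in ciphertexts]
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def run_demo(seed=2023, secret=b"Pwn!"):
    """Constructed scenario: the sender's 32-bit secret is leaked one bit per
    message.  Returns what the receiver and the attacker each get to see,
    with and without the firewall in the path."""
    rng = random.Random(seed)
    x, h = keygen(rng)
    secret_bits = to_bits(secret)
    # Messages are squared so they lie in the order-Q subgroup.
    plaintexts = [pow(rng.randrange(1, P), 2, P) for _ in secret_bits]

    subverted = [encrypt_subverted(h, m, rng, b)
                 for m, b in zip(plaintexts, secret_bits)]
    firewalled = [firewall_rerandomize(h, ct, rng) for ct in subverted]

    return {
        "receiver_ok_honest":
            decrypt(x, encrypt_honest(h, plaintexts[0], rng)) == plaintexts[0],
        "receiver_ok_without_firewall":
            all(decrypt(x, ct) == m for ct, m in zip(subverted, plaintexts)),
        "receiver_ok_with_firewall":
            all(decrypt(x, ct) == m for ct, m in zip(firewalled, plaintexts)),
        "attacker_sees_without_firewall": attacker_read(subverted),
        "attacker_sees_with_firewall": attacker_read(firewalled),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

Running the demo shows the receiver decrypting correctly in every case, the attacker recovering the full secret from the unfirewalled stream, and random bytes from the firewalled one (with a 32-bit secret the firewalled stream happens to spell the secret with probability about 2^-32). Two points worth noticing relate directly to the abstract: the firewall works without knowing whether the sender is honest or subverted, and it holds no secret of its own, which is what makes "what if the firewall itself is corrupted?" a meaningful question rather than a non-issue.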

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
subversion attacks, universal composability, reverse firewalls, post-Snowden cryptography
Contact author(s)
p arnold @ uni-luebeck de
s berndt @ uni-luebeck de
mueller-quade @ kit edu
ottenhues @ kit edu
History
2023-12-25: approved
2023-12-23: received
Short URL
https://ia.cr/2023/1951
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1951,
      author = {Paula Arnold and Sebastian Berndt and Jörn Müller-Quade and Astrid Ottenhues},
      title = {Protection Against Subversion Corruptions via Reverse Firewalls in the plain Universal Composability Framework},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1951},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1951}
}