Paper 2023/1951
Protection Against Subversion Corruptions via Reverse Firewalls in the Plain Universal Composability Framework
Abstract
While many modern cryptographic primitives have stood the test of time, attackers started to expand beyond classic cryptanalysis by targeting implementations. Subversion attacks, where the attacker replaces the implementation of the cryptographic primitive to leak sensitive information about the user during a protocol execution, are among the most dangerous of such attacks. The revelations of Snowden have shown that these attacks are deployed by intelligence services. A very promising countermeasure uses cryptographic reverse firewalls that actively remove the covert channel leaking the secret. Chakraborty et al. (EUROCRYPT’22) presented the first model of such firewalls in the universal composability (UC) framework. However, using such a firewall also provides a possible new target for the attacker and in the case that an honest party uses a corrupted firewall, they were not able to prove any security guarantees. Furthermore, their model is quite complex and does not fit into the plain UC model as they restrict the environment. Hence, the authors needed to reprove fundamental theorems such as the composition theorem as well as the security of the underlying protocol. In this paper, we consider a slightly different model of subversion attacks that replace the used randomness, inspired by Dodis et al. (CRYPTO’16), that captures all known subversion attacks. Considering these realistic attacks allows us to use existing UC-secure protocols without the need to reprove their security. We also introduce additional notions of firewall properties, allowing us to reason about corrupted firewalls while maintaining strong security guarantees. To show the versatility of our model, we apply it to commitments and oblivious transfer. This demonstrates the usefulness of our plain UC model, as the only known previous subversion-resilient OT, recently provided by Chakraborty et al. (ASIACRYPT’24), is much more complicated and involved, and was also in the non-plain UC model.
Note: Clarified many details, added a simpler guide on how to use the model, and added a more detailed comparison to related work.
Metadata
- Available format(s): PDF
- Category: Foundations
- Publication info: Preprint.
- Keywords: Subversion Resilience, Universal Composability, OT
- Contact author(s): p arnold @ uni-luebeck de, sebastian berndt @ th-luebeck de, mueller-quade @ kit edu, ottenhues @ kit edu
- History
  - 2025-02-19: revised
  - 2023-12-23: received
- Short URL: https://ia.cr/2023/1951
- License: CC BY
BibTeX
@misc{cryptoeprint:2023/1951,
  author = {Paula Arnold and Sebastian Berndt and Jörn Müller-Quade and Astrid Ottenhues},
  title = {Protection Against Subversion Corruptions via Reverse Firewalls in the Plain Universal Composability Framework},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1951},
  year = {2023},
  url = {https://eprint.iacr.org/2023/1951}
}