Protection Against Subversion Corruptions via Reverse Firewalls in the plain Universal Composability Framework

Paula Arnold; Sebastian Berndt; Jörn Müller-Quade; Astrid Ottenhues

Paper 2023/1951

Protection Against Subversion Corruptions via Reverse Firewalls in the plain Universal Composability Framework

Paula Arnold, University of Lübeck

Sebastian Berndt

, University of Lübeck

Jörn Müller-Quade, Karlsruhe Institute of Technology

Astrid Ottenhues, Karlsruhe Institute of Technology

Abstract

While many modern cryptographic primitives have stood the test of time, attacker have already begun to expand their attacks beyond classical cryptanalysis by specifically targeting implementations. One of the most well-documented classes of such attacks are subversion (or substitution) attacks, where the attacker replaces the Implementation of the cryptographic primitive in an undetectable way such that the subverted implementation leaks sensitive information of the user during a protocol execution. The revelations of Snowden have shown that this is not only a dangerous theoretical attack, but an attack deployed by intelligence services. Several possible solutions for protection against these attacks are proposed in current literature. Among the most widely studied ones are cryptographic reverse firewalls that aim to actively remove the covert channel leaking the secret. While different protocols supporting such firewalls have been proposed, they do no guarantee security in the presence of concurrent runs. This situation was resolved by a recent work of Chakraborty et al. (EUROCRYPT 2022) that presented the first UC-model of such firewalls. Their model allows to provide security if a subverted party uses an honest firewall. However, using such a firewall also provides a possible new target for the attacker and in the case that an honest party uses a corrupted firewall, they were not able to prove any security guarantees. Furthermore, their model is quite complex and does not fit into the plain UC model. Hence, the authors needed to reprove fundamental theorems such as the composition theorem. Finally, the high complexity of their model also makes designing corresponding protocols a challenging task, as one also needs to reprove the security of the underlying protocol. In this paper, we present a simpler model capturing cryptographic reverse firewalls in the plain UC model. The simplicity of our model allows to also reason about corrupted firewalls and still maintain strong security guarantees. Furthermore, we resolve the open question by Chakraborty et al. (EUROCRYPT 2022) and by Chakraborty et al. (EUROCRYPT 2023) and present the first direct UC-secure oblivious transfer protocol along with a cryptographic reverse firewall.

Metadata

Available format(s): PDF
Category: Foundations
Publication info: Preprint.
Keywords: subversion attacks universal composability reverse firewalls post-snowden cryptography
Contact author(s): p arnold @ uni-luebeck de
s berndt @ uni-luebeck de
mueller-quade @ kit edu
ottenhues @ kit edu
History: 2023-12-25: approved; 2023-12-23: received; See all versions
Short URL: https://ia.cr/2023/1951
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1951,
      author = {Paula Arnold and Sebastian Berndt and Jörn Müller-Quade and Astrid Ottenhues},
      title = {Protection Against Subversion Corruptions via Reverse Firewalls in the plain Universal Composability Framework},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1951},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1951}},
      url = {https://eprint.iacr.org/2023/1951}
}