Paper 2024/536

Highly-Effective Backdoors for Hash Functions and Beyond

Mihir Bellare, University of California San Diego
Doreen Riepel, University of California San Diego
Laura Shea, University of California San Diego
Abstract

We study the possibility of schemes whose public parameters have been generated along with a backdoor. We consider the goal of the big-brother adversary to be two-fold: it desires utility (it can break the scheme) but also exclusivity (nobody else can). Starting with hash functions, we give new, strong definitions for these two goals, calling the combination high effectiveness. We then present a construction of a backdoored hash function that is highly effective, meaning it provably meets our new definition. As an application, we investigate forgery of X.509 certificates that use this hash function. We then consider signatures, again giving a definition of high effectiveness and showing that it can be achieved. But we also give some positive results, namely that for the Okamoto and Katz-Wang signature schemes, certain natural backdoor strategies are provably futile. Our backdoored constructions serve to warn that backdoors can be more powerful and damaging than previously conceived, and to help defenders and developers identify potential backdoors by illustrating how they might be built. Our positive results illustrate that some schemes do offer more backdoor resistance than others, which may make them preferable.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
subversion, hash functions, chameleon hash functions, signatures, Okamoto signatures
Contact author(s)
mbellare @ ucsd edu
driepel @ ucsd edu
lmshea @ ucsd edu
History
2024-04-18: revised
2024-04-06: received
Short URL
https://ia.cr/2024/536
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/536,
      author = {Mihir Bellare and Doreen Riepel and Laura Shea},
      title = {Highly-Effective Backdoors for Hash Functions and Beyond},
      howpublished = {Cryptology ePrint Archive, Paper 2024/536},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/536}},
      url = {https://eprint.iacr.org/2024/536}
}