Abstract
Kleptographic attacks are adversarial implementations of cryptographic primitives that leak secret information. Subliminal channel attacks are one class of kleptographic attack: backdoors are embedded in implementations of randomized algorithms to elaborately control randomness generation, so that secrets leak through biased outputs. To thwart subliminal channel attacks, double-splitting is a feasible solution: it splits the randomness generator of a randomized algorithm into two independent generators. In this paper, we instantiate double-splitting to propose a secure randomness generation algorithm dubbed SRG, which uses two physically independent generators: an ordinary randomness generator and a public randomness generator. We construct the public randomness generator on top of public blockchains, so that its output can be verified publicly: the hashes of a sufficient number of consecutive, newly confirmed blocks on a blockchain are used to produce public randomness. In SRG, the outputs of the two generators are taken as inputs of an immunization function, and SRG thereby achieves immunization against subliminal channel attacks. Additionally, we discuss application strategies of SRG for symmetric and public-key encryption.
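The following is an added illustration of the double-splitting idea described in the abstract; it is not code from the paper, and the paper's actual immunization function and block-window parameters are not given on this page. It assumes a hash-based immunization function (SHA-256 over both inputs with a domain-separation tag), a window of k consecutive block hashes as the public randomness source, and a function name srg for the combined generator. The block hashes are constructed sample values, not real chain data. The point it makes is the defensive one: once the output depends on public randomness that no implementation controls, an ordinary generator that has been subverted to emit a fixed, attacker-chosen value no longer determines the final randomness, and anyone holding the block hashes can recompute the public component to check it.

```python
import hashlib
import secrets
from typing import Callable, List

# Constructed sample block hashes (NOT real chain data): stand-ins for the
# hashes of consecutive, newly confirmed blocks on a public blockchain.
def sample_block_hashes(n: int) -> List[bytes]:
    return [hashlib.sha256(b"constructed-block-%d" % i).digest() for i in range(n)]


def public_randomness(block_hashes: List[bytes], k: int) -> bytes:
    """Public randomness generator (assumed construction): hash the k most
    recent consecutive block hashes. Anyone with the chain can recompute it."""
    if k <= 0 or len(block_hashes) < k:
        raise ValueError("need at least k >= 1 confirmed block hashes")
    h = hashlib.sha256()
    for bh in block_hashes[-k:]:
        h.update(bh)
    return h.digest()


def immunize(ordinary: bytes, public: bytes) -> bytes:
    """Hypothetical immunization function: a single hash over both independent
    inputs. The tag separates this use of SHA-256 from other hashing."""
    return hashlib.sha256(b"SRG-immunize|" + ordinary + b"|" + public).digest()


def srg(ordinary_gen: Callable[[], bytes], block_hashes: List[bytes], k: int) -> bytes:
    """Double-splitting: draw from the ordinary generator and the public
    generator independently, then feed both into the immunization function."""
    r_ord = ordinary_gen()
    r_pub = public_randomness(block_hashes, k)
    return immunize(r_ord, r_pub)


def honest_generator() -> bytes:
    # Ordinary generator in the honest case: OS-provided randomness.
    return secrets.token_bytes(32)


def fixed_generator() -> bytes:
    # Models an ordinary generator whose implementation has been subverted to
    # emit one fixed value. Nothing is leaked here; it only shows the
    # dependence on the public component.
    return b"\x00" * 32


def verify_public_component(block_hashes: List[bytes], k: int, claimed: bytes) -> bool:
    """Public verifiability: a third party recomputes r_pub from the chain."""
    return public_randomness(block_hashes, k) == claimed


def demo(k: int = 3) -> dict:
    chain = sample_block_hashes(8)
    # Same subverted ordinary generator, two different block windows.
    out_window_a = srg(fixed_generator, chain[:-1], k)
    out_window_b = srg(fixed_generator, chain, k)
    return {
        "fixed_gen_output_depends_on_chain": out_window_a != out_window_b,
        "public_part_verifiable": verify_public_component(
            chain, k, public_randomness(chain, k)
        ),
        "output_len": len(out_window_b),
    }


if __name__ == "__main__":
    print(demo())
```

Because the two sources are combined only inside the immunization function, a caller can keep its existing ordinary generator and add the public component as a second input; the test below checks that the output is deterministic for fixed inputs, changes when either input changes, and that the public component can be recomputed independently.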
Acknowledgements
This work was supported in part by the National Natural Science Foundation of China (Grant Nos. 62272091, 61872060) and the National Key R&D Program of China (Grant No. 2017YFB0802000).
Cite this article
Jiang, C., Xu, C., Chen, J. et al. Blockchain-based immunization against kleptographic attacks. Sci. China Inf. Sci. 67, 172102 (2024). https://doi.org/10.1007/s11432-023-3883-4