
Substitution Attacks Against Sigma Protocols

Conference paper. In: Cyberspace Safety and Security (CSS 2022). Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13547).


Abstract

Inspired by the Snowden revelations, Bellare, Paterson, and Rogaway proposed the notion of Algorithm Substitution Attack (ASA), in which the attacker subverts a cryptographic algorithm so that it leaks secret information stealthily. Since their work, several ASAs have been proposed for various cryptographic schemes, such as encryption schemes and digital signatures. In this work, we present the first study of ASAs against Σ protocols, which are widely regarded as an important and useful cryptographic tool. Concretely, we formally define ASA models for subverting Σ protocols and propose two concrete attacks, mainly inspired by the attacks of Bellare et al. (CRYPTO'14) and Chen et al. (ASIACRYPT'20). In our proposed attacks, a subverted prover leaks the secret witness to the outside world in an undetectable way by generating a biased commitment, and a subverted verifier breaks knowledge soundness by choosing a biased challenge. Several concrete Σ protocols are also provided to demonstrate the feasibility of our proposed attacks. Our work shows that ASAs have a powerful impact on Σ protocols, and thus it is highly desirable for the research community to design new Σ protocols that resist ASAs.
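To make the two properties the abstract refers to concrete, the following is an added educational example (it is not code from the paper and the paper's own attack constructions are not reproduced here). It implements the textbook Schnorr Σ protocol for knowledge of a discrete logarithm over a constructed toy subgroup (p = 23, q = 11, g = 2, far too small for real use), together with the two standard tools used to reason about it: the special-soundness extractor, which recovers the witness from any two accepting transcripts that share a commitment, and the honest-verifier zero-knowledge simulator, which produces an accepting transcript without the witness whenever the challenge is known before the commitment is fixed. The extractor shows why the prover's commitment randomness is the only thing standing between the transcript and the witness, and the simulator shows why knowledge soundness collapses as soon as the verifier's challenge becomes predictable; both are the properties a subverted prover or verifier would undermine.

```python
import secrets

# Constructed toy parameters: p prime, q = 11 is the prime order of the
# subgroup of Z_p^* generated by g = 2 (2^11 = 2048 = 89*23 + 1).
P, Q, G = 23, 11, 2


def keygen(rng=secrets.randbelow):
    """Sample a witness w in [1, q-1] and the public statement h = g^w mod p."""
    w = 1 + rng(Q - 1)
    h = pow(G, w, P)
    return w, h


def prover_commit(rng=secrets.randbelow):
    """Move 1: prover picks fresh randomness r and sends a = g^r mod p."""
    r = rng(Q)
    return r, pow(G, r, P)


def verifier_challenge(rng=secrets.randbelow):
    """Move 2: verifier sends a uniformly random challenge c in Z_q.

    Knowledge soundness depends on c being unpredictable to the prover
    until after a has been fixed (see simulate() below)."""
    return rng(Q)


def prover_respond(w, r, c):
    """Move 3: prover answers z = r + c*w mod q."""
    return (r + c * w) % Q


def verify(h, a, c, z):
    """Verifier accepts iff g^z == a * h^c mod p."""
    return pow(G, z, P) == (a * pow(h, c, P)) % P


def run_protocol(w, h):
    """One honest execution; returns the transcript and the verifier's decision."""
    r, a = prover_commit()
    c = verifier_challenge()
    z = prover_respond(w, r, c)
    return (a, c, z), verify(h, a, c, z)


def extract(c1, z1, c2, z2):
    """Special-soundness extractor: from two accepting transcripts with the
    same commitment a and distinct challenges, w = (z1 - z2)/(c1 - c2) mod q.

    This is also why commitment randomness r must be fresh and unbiased:
    reusing r across two runs hands the witness to whoever sees both."""
    if c1 == c2:
        raise ValueError("challenges must differ")
    return ((z1 - z2) * pow((c1 - c2) % Q, -1, Q)) % Q


def simulate(h, c, rng=secrets.randbelow):
    """HVZK simulator: given the challenge c in advance, produce an accepting
    transcript without knowing w by choosing z first and solving for a.

    This is exactly why a verifier whose challenge is predictable (or biased
    towards values a colluding party knows) no longer guarantees that an
    accepting prover knows the witness."""
    z = rng(Q)
    hc_inv = pow(pow(h, c, P), -1, P)
    a = (pow(G, z, P) * hc_inv) % P
    return a, c, z


if __name__ == "__main__":
    w, h = keygen()
    transcript, ok = run_protocol(w, h)
    print("honest run accepted:", ok, transcript)
    r, a = prover_commit()
    z1, z2 = prover_respond(w, r, 3), prover_respond(w, r, 7)
    print("witness extracted from two transcripts sharing a:", extract(3, z1, 7, z2) == w)
    a_sim, c_sim, z_sim = simulate(h, 5)
    print("simulated transcript (no witness used) accepted:", verify(h, a_sim, c_sim, z_sim))
```

Running the script shows an honest run accepting, the witness being recovered from two transcripts that reuse the same commitment, and a transcript forged without the witness accepting whenever the challenge is fixed before the commitment. A practitioner auditing an implementation would check that the prover's r and the verifier's c are both drawn from an unpredictable source and never reused, since the example shows that either failure is sufficient to defeat the protocol's guarantee.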


References

  1. Abdolmaleki, B., Baghery, K., Lipmaa, H., Zając, M.: A subversion-resistant SNARK. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 3–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_1


  2. Abe, M., Ambrona, M., Bogdanov, A., Ohkubo, M., Rosen, A.: Non-interactive composition of sigma-protocols via share-then-hash. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 749–773. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_25


  3. Armour, M., Poettering, B.: Substitution attacks against message authentication. In: Cryptology ePrint Archive (2019)


  4. Armour, M., Poettering, B.: Subverting decryption in AEAD. In: Albrecht, M. (ed.) IMACC 2019. LNCS, vol. 11929, pp. 22–41. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35199-1_2


  5. Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signatures: definitions, constructions and applications. Theoret. Comput. Sci. 820, 91–122 (2015)


  6. Attema, T., Cramer, R., Rambaud, M.: Compressed Σ-protocols for bilinear group arithmetic circuits and application to logarithmic transparent threshold signatures. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 526–556. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_18

  7. Bangerter, E., Camenisch, J., Krenn, S.: Efficiency limitations for Σ-protocols for group homomorphisms. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 553–571. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_33

  8. Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26


  9. Bellare, M., Jaeger, J., Kane, D.: Mass-surveillance without the state: Strongly undetectable algorithm-substitution attacks (2015)


  10. Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_1


  11. Bellare, M., Ristov, T.: Hash functions from sigma protocols and improvements to VSH. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 125–142. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89255-7_9


  12. Ben-Sasson, E., Chiesa, A., Green, M., Tromer, E., Virza, M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: 2015 IEEE Symposium on Security and Privacy, pp. 287–304 (2015). https://doi.org/10.1109/SP.2015.25

  13. Berndt, S., Wichelmann, J., Pott, C., Traving, T.H., Eisenbarth, T.: ASAP: algorithm substitution attacks on cryptographic protocols. Cryptology ePrint Archive, Report 2020/1452 (2020)


  14. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_7


  15. Chen, R., Huang, X., Yung, M.: Subvert KEM to break DEM: practical algorithm-substitution attacks on public-key encryption. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 98–128. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_4


  16. Degabriele, J.P., Farshim, P., Poettering, B.: A more cautious approach to security against mass surveillance. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 579–598. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_28


  17. Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_11


  18. Marchiori, D., Giron, A.A., do Nascimento, J.P.A., Custódio, R.: Timing analysis of algorithm substitution attacks in a post-quantum TLS protocol. In: Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais. pp. 127–140 (2021)


  19. Maurer, U.: Zero-knowledge proofs of knowledge for group homomorphisms. Des. Codes Cryptogr. 77, 663–676 (2015). https://doi.org/10.1007/s10623-015-0103-5


  20. Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_3


  21. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4, 161–174 (1991). https://doi.org/10.1007/BF00196725


  22. Teşeleanu, G.: Unifying kleptographic attacks. In: Gruschka, N. (ed.) NordSec 2018. LNCS, vol. 11252, pp. 73–87. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03638-6_5


  23. Young, A., Yung, M.: The dark side of "black-box" cryptography or: should we trust Capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_8


  24. Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_6


  25. Young, A., Yung, M.: Malicious cryptography: kleptographic aspects. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 7–18. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_2


  26. Young, A., Yung, M.: The prevalence of kleptographic attacks on discrete-log based cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 264–276. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052241


  27. Young, A., Yung, M.: A space efficient backdoor in RSA and its applications. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 128–143. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_9


Acknowledgements

This work is supported by the National Natural Science Foundation of China (Grant No. 62122092, 62032005). Lin Liu is supported by the National Natural Science Foundation of China (Grant No. 62102430), the Natural Science Foundation of Hunan Province, China (Grant No. 2021JJ40688), and the Science Research Plan Program by NUDT (Grant No. ZK22-50).


Correspondence to Rongmao Chen, Yi Wang or Baosheng Wang.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Lin, Y., Chen, R., Wang, Y., Wang, B., Liu, L. (2022). Substitution Attacks Against Sigma Protocols. In: Chen, X., Shen, J., Susilo, W. (eds) Cyberspace Safety and Security. CSS 2022. Lecture Notes in Computer Science, vol 13547. Springer, Cham. https://doi.org/10.1007/978-3-031-18067-5_14


  • DOI: https://doi.org/10.1007/978-3-031-18067-5_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-18066-8

  • Online ISBN: 978-3-031-18067-5

  • eBook Packages: Computer Science (R0)