Subverting Deniability

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13600))

Abstract

Deniable public-key encryption (DPKE) is a cryptographic primitive that allows the sender of an encrypted message to later claim that they sent a different message. DPKE’s threat model assumes powerful adversaries who can coerce users to reveal plaintexts; it is thus reasonable to consider other advanced capabilities, such as being able to subvert algorithms in a so-called Algorithm Substitution Attack (ASA). ASAs have been considered against a number of primitives including digital signatures, symmetric encryption and pseudo-random generators. However, public-key encryption has presented a less fruitful target, as the sender’s only secrets are plaintexts and ASA techniques generally do not provide sufficient bandwidth to leak these.

In this article, we give a formal model of ASAs against DPKE, and argue that subversion attacks against DPKE schemes present an attractive opportunity for an adversary. Our results strengthen the security model for DPKE and highlight the necessity of considering subversion in the design of practical schemes.

An extended version of this article is available at https://pure.royalholloway.ac.uk/portal/files/46742531/main.pdf [3].

The research of Armour was supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/P009301/1).


Notes

  1. Here universal means that the ASA applies generically to any encryption scheme, and consistent essentially means that the ASA outputs genuine ciphertexts.

  2. Chen et al. [9] overcome these limitations by using non-generic techniques against KEM-DEM constructions to leak underlying plaintexts representing (session) keys.

  3. Gunn et al. [11] consider circumventing cryptographic deniability, which is similar in spirit. However, their scenario is quite different: firstly, they consider deniable communication protocols (such as Signal). Secondly, they do not consider subversion attacks – instead, their scenario is logically equivalent to compromising the receiver.

  4. See the extended version [3] for a complete discussion of the message sampler.

  5. Our informal notions (‘realistic’ and ‘practical’) are easily reformulated in terms of probabilistic polynomial-time (PPT) algorithms. However, given that asymptotic notions don’t reflect practice particularly well, we prefer to use the informal terms.

  6. As an interesting aside, the approach for iO deniability schemes is to hide an encoding of the faked ciphertext within randomness; the encryption algorithm first checks whether the randomness encodes a ciphertext c and if so outputs c; if not, it proceeds to encrypt the message. The security follows from the fact that iO obfuscates the inner working of the algorithm so that it appears as a black box. This results in large, structured randomness inputs which would seem to facilitate subversion.

References

  1. Agrawal, S., Goldwasser, S., Mossel, S.: Deniable fully homomorphic encryption from learning with errors. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 641–670. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_22

  2. Armour, M., Poettering, B.: Subverting decryption in AEAD. In: Albrecht, M. (ed.) IMACC 2019. LNCS, vol. 11929, pp. 22–41. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35199-1_2

  3. Armour, M., Quaglia, E.A.: Subverting deniability. Royal Holloway University of London repository (2022). https://pure.royalholloway.ac.uk/portal/files/46742531/main.pdf

  4. Bellare, M., Jaeger, J., Kane, D.: Mass-surveillance without the state: Strongly undetectable algorithm-substitution attacks. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015: 22nd Conference on Computer and Communications Security, pp. 1431–1440. ACM Press (2015). https://doi.org/10.1145/2810103.2813681

  5. Berndt, S., Liskiewicz, M.: Algorithm substitution attacks from a steganographic perspective. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017: 24th Conference on Computer and Communications Security, pp. 1649–1660. ACM Press (2017). https://doi.org/10.1145/3133956.3133981

  6. Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 90–104. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052229

  7. Canetti, R., Park, S., Poburinnaya, O.: Fully deniable interactive encryption. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 807–835. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_27

  8. Celi, S., Symeonidis, I.: The current state of denial. In: HotPETS (2020)

  9. Chen, R., Huang, X., Yung, M.: Subvert KEM to break DEM: practical algorithm-substitution attacks on public-key encryption. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 98–128. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_4

  10. De Caro, A., Iovino, V., O’Neill, A.: Deniable functional encryption. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 196–222. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_8

  11. Gunn, L.J., Parra, R.V., Asokan, N.: Circumventing cryptographic deniability with remote attestation. Proc. Priv. Enhancing Technol. 2019(3), 350–369 (2019). https://doi.org/10.2478/popets-2019-0051

  12. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th Annual ACM Symposium on Theory of Computing, pp. 475–484. ACM Press (2014). https://doi.org/10.1145/2591796.2591825

  13. Schneier, B., Fredrikson, M., Kohno, T., Ristenpart, T.: Surreptitiously weakening cryptographic systems. Cryptology ePrint Archive, Report 2015/097 (2015). https://eprint.iacr.org/2015/097

Corresponding author: Marcel Armour.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Armour, M., Quaglia, E.A. (2022). Subverting Deniability. In: Ge, C., Guo, F. (eds) Provable and Practical Security. ProvSec 2022. Lecture Notes in Computer Science, vol 13600. Springer, Cham. https://doi.org/10.1007/978-3-031-20917-8_4

  • DOI: https://doi.org/10.1007/978-3-031-20917-8_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20916-1

  • Online ISBN: 978-3-031-20917-8
