Skip to main content

Malicious Cryptography: Kleptographic Aspects

  • Conference paper
Topics in Cryptology – CT-RSA 2005 (CT-RSA 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3376))

Included in the following conference series:

Abstract

In the last few years we have concentrated our research efforts on new threats to the computing infrastructure that are the result of combining malicious software (malware) technology with modern cryptography. At some point during our investigation we ended up asking ourselves the following question: what if the malware (i.e., Trojan horse) resides within a cryptographic system itself? This led us to realize that in certain scenarios of black box cryptography (namely, when the code is inaccessible to scrutiny as in the case of tamper proof cryptosystems or when no one cares enough to scrutinize the code) there are attacks that employ cryptography itself against cryptographic systems in such a way that the attack possesses unique properties (i.e., special advantages that attackers have such as granting the attacker exclusive access to crucial information where the exclusive access privelege holds even if the Trojan is reverse-engineered). We called the art of designing this set of attacks “kleptography.” In this paper we demonstrate the power of kleptography by illustrating a carefully designed attack against RSA key generation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Crépeau, C., Slakmon, A.: Simple backdoors for RSA key generation. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 403–416. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  2. Lenstra, A.K.: Generating RSAModuli with a Predetermined Portion. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 1–10. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  3. Nguyên, P.Q.: Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 555–570. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  4. Rabin, M.: Digitalized signatures and public-key functions as intractable as factorization. TR-212, MIT Laboratory for Computer Science (January 1979)

    Google Scholar 

  5. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)

    Article  MATH  MathSciNet  Google Scholar 

  6. Young, A., Yung, M.: Malicious Cryptography: Exposing Cryptovirology. Wiley Publishing Inc., Chichester (2004)

    Google Scholar 

  7. Young, A., Yung, M.: The Dark Side of Black-Box Cryptography, or: Should we trust Capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)

    Google Scholar 

  8. Young, A., Yung, M.: Kleptography: Using Cryptography Against Cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  9. Young, A.: Kleptography: Using Cryptography Against Cryptography. PhD Thesis, Columbia University (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Young, A., Yung, M. (2005). Malicious Cryptography: Kleptographic Aspects. In: Menezes, A. (eds) Topics in Cryptology – CT-RSA 2005. CT-RSA 2005. Lecture Notes in Computer Science, vol 3376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30574-3_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30574-3_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24399-1

  • Online ISBN: 978-3-540-30574-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics