Abstract
Since 1996 we have dedicated research effort on discovering new threats to the computing infrastructure that are the result of combining malicious software (malware) technology with modern cryptography. To the best of our knowledge, this was the first attempt to employ cryptographic methodologies not for defense (e.g., to hide messages, protect their integrity, or even to generate polymorphic malware for hiding it, etc.), but for attack. Our focus was on using cryptography specifically as an attack technology (e.g., we introduced secure data kidnapping attacks now referred to as ransomware). At some point during our investigation we ended up asking ourselves the following question: what if the malware (i.e., Trojan horse) resides within a cryptographic system itself (replacing existing cryptographic logic)? This led us to realize that in certain scenarios of black-box cryptography there are attacks that employ cryptography itself against cryptographic systems. Examples of black-box cryptography include when the code is inaccessible to scrutiny, say, due to software obfuscation, due to tamper-resistant housing, or when no one cares enough to scrutinize the code as has happened to many open source programs. The attack involves replacing the algorithm in a way that black-box access to the program does not reveal the attack. We showed that when the attack utilizes cryptography such that the trapdoor is in the hands of the attacker but not in the program itself then the attack possesses unique asymmetric properties. For example, it grants the attacker exclusive access to private information where the exclusive access privilege holds even when the Trojan is reverse-engineered. This asymmetric Trojan is much stronger than the more naive symmetric Trojan where the reverse-engineer recovers the power of the attacker from the code. We called the art of designing this set of attacks “kleptography.” In more recent years, there have been allegations that kleptographic attacks have been mounted for real against the American public. Here, we present a demonstration of the power of kleptography by illustrating a carefully designed attack against the RSA key generation algorithm and we prove the security of the attack.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
e.g., found in practice via the costly process of reverse-engineering one of the devices.
- 2.
For example, with \(e=2^{16}+1\) as in many fielded cryptosystems.
- 3.
Polynomial in W / 2, the security parameter of the attacker’s Rabin modulus N.
- 4.
The key to this being true is that \(n'\) is a random W-bit string and so it can have a leading zero. So, |pq| can be less than W bits, the same as in the operation in the honest device before p and q are output.
- 5.
Polynomial in W / 2.
- 6.
Polynomial in W.
References
Crépeau, C., Slakmon, A.: Simple backdoors for RSA key generation. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 403–416. Springer, Heidelberg (2003)
Lenstra, Arjen K.: Generating RSA moduli with a predetermined portion. In: Ohta, Kazuo, Pei, Dingyi (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 1–10. Springer, Heidelberg (1998)
Nguyên, P.Q.: Can we trust cryptographic software? cryptographic flaws in gnu privacy guard v1.2.3. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 555–570. Springer, Heidelberg (2004)
Rabin, M.: Digitalized signatures and public-key functions as intractable as factorization, TR-212, MIT Laboratory for Computer Science, January 1979
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Young, A., Yung, M.: Malicious Cryptography: Exposing Cryptovirology. Wiley Publishing Inc, Indianapolis (2004)
Young, A.: Kleptography: using cryptography against cryptography. Ph.D. thesis, Columbia University (2002)
Young, Adam, Yung, Moti: The dark side of “black-box” cryptography, or: should we trust capstone? In: Koblitz, Neal (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)
Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997)
Young, A., Yung, M.: The prevalence of kleptographic attacks on discrete-log based cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 264–276. Springer, Heidelberg (1997)
Young, A., Yung, M.: Malicious cryptography: kleptographic aspects. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 7–18. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Young, A., Yung, M. (2016). Cryptography as an Attack Technology: Proving the RSA/Factoring Kleptographic Attack. In: Ryan, P., Naccache, D., Quisquater, JJ. (eds) The New Codebreakers. Lecture Notes in Computer Science(), vol 9100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49301-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-662-49301-4_16
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-49300-7
Online ISBN: 978-3-662-49301-4
eBook Packages: Computer ScienceComputer Science (R0)