The prevalence of kleptographic attacks on discrete-log based cryptosystems
- Adam YoungAffiliated withDept. of Computer Science, Columbia University
- , Moti YungAffiliated withCertCo
The notion of a Secretly Embedded Trapdoor with Universal Protection (SETUP) and its variations on attacking black-box cryptosystems has been recently introduced. The basic definitions, issues, and examples of various setup attacks (called Kleptographic attacks) have also been presented. The goal of this work is to describe a methodological way of attacking cryptosystems which exploits certain relations between cryptosystem instances which exist within cryptosystems. We call such relations “kleptograms”. The identified kleptogram is used as the base for searching for a setup.
In particular, we employ as a discrete log based kleptogram a basic setup that was presented for the Diffie-Hellman key exchange. We show how it can be embedded in a large number of systems: the ElGamal encryption algorithm, the ElGamal signature algorithm, DSA, the Schnorr signature algorithm, and the Menezes-Vanstone PKCS. These embeddings can be extended directly to the MTI two-pass protocol, the Girault key agreement protocol, and many other cryptographic systems. These attacks demonstrate a systematic way to mount kleptographic attacks. They also show the vulnerability of systems based on the difficulty of computing discrete logs.
The setup attack on DSA exhibits a large bandwidth channel capable of leaking information which hardware black-box implementations (e.g., the Capstone chip) can use. We also show how to employ such channels for what we call “device marking”.
Finally, note that it has been perceived that the DSA signature scheme was originally designed to be robust against its abuse as a public-key channel- to distinguish it from RSA signatures (where the signing function is actually a decryption function). In this paper we refute this “perceived advantage” and show how the DSA system (in hardware or software) can be easily modified to securely leak private keys and secure messages between two cooperating parties.
Key wordsDSA signature ElGamal encryption ElGamal signature Menezes-Vanstone PKCS Schnorr signature algorithm setup Discrete-Log Diffie-Hellman subliminal channels protocol abuse kleptography leakage-bandwidth randomness pseudorandomness cryptographic system implementations
- The prevalence of kleptographic attacks on discrete-log based cryptosystems
- Book Title
- Advances in Cryptology — CRYPTO '97
- Book Subtitle
- 17th Annual International Cryptology Conference Santa Barbara, California, USA August 17–21, 1997 Proceedings
- pp 264-276
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Additional Links
- DSA signature
- ElGamal encryption
- ElGamal signature
- Menezes-Vanstone PKCS
- Schnorr signature algorithm
- subliminal channels
- protocol abuse
- cryptographic system implementations
- Industry Sectors
To view the rest of this content please follow the download PDF link above.