Asymmetric subversion attacks on signature and identification schemes

  • Yi Wang
  • Rongmao Chen
  • Chi Liu
  • Baosheng Wang
  • Yongjun Wang
Original Article


The study of subversion attacks against cryptosystems dates back several decades, and the Snowden revelations in 2013 set off a new wave of research into practical approaches to protecting or subverting cryptographic primitives. Inspired by the kleptographic attacks proposed by Young et al. [Crypto’96], we present asymmetric subversion attacks on signature and identification schemes in this work. Our contributions are summarized as follows:
  • We present the asymmetric subversion model for signature and identification schemes. The properties of our model are stronger than those of the existing subversion model proposed by Giuseppe et al. [CCS’15] and place higher requirements on the attack goal.

  • We propose the notion of a splittable signature scheme and give a universal asymmetric subversion attack on such schemes. Our attack is independent of the secret key size and more efficient than the symmetric attacks introduced by Giuseppe et al. [CCS’15].

  • We introduce the asymmetric subversion attack on a special type of identification scheme and show that it can be transformed from a splittable signature scheme.

Our subversion attack is demonstrated to be practical and could be mounted on many common schemes, which shows the danger of subversion attacks and spurs the exploration of effective deterrents.


Keywords: Asymmetric subversion attack, Signature scheme, Identification scheme, Undetectability, Key recovery


Funding information

This work is supported by the National Natural Science Foundation of China (Grant No. 61702541, No. 61872087), the Young Elite Scientists Sponsorship Program by CAST (Grant No. 2017QNRC001), and the Science Research Plan Program by NUDT (Grant No. ZK17-03-46).


References

  1. Liu C, Chen R, Wang Y et al (2018) Asymmetric subversion attacks on signature schemes. In: ACISP, pp 376–395
  2. Ball J, Borger J, Greenwald G et al (2013) Revealed: how US and UK spy agencies defeat internet privacy and security. The Guardian 6:2–8
  3. Perlroth N, Larson J, Shane S (2013) NSA able to foil basic safeguards of privacy on web. NY Times 5:1–8
  4. Greenwald G (2014) No place to hide: Edward Snowden, the NSA, and the US surveillance state. Macmillan, London
  5. Simmons GJ (1982) Message authentication without secrecy. In: AAAS selected symposia series, vol 69, pp 105–139
  6. Simmons GJ (1983) Verification of treaty compliance–revisited. In: 1983 IEEE symposium on security and privacy. IEEE, p 61
  7. Simmons GJ (1984) The subliminal channel and digital signatures. In: Workshop on the theory and application of cryptographic techniques. Springer, pp 364–378
  8. Young A, Yung M (1997) Kleptography: using cryptography against cryptography. In: EUROCRYPT, vol 97. Springer, pp 62–74
  9. Young A, Yung M (1996) The dark side of “black-box” cryptography or: should we trust capstone? In: CRYPTO, Springer, pp 89–103
  10. Young A, Yung M (1997) The prevalence of kleptographic attacks on discrete-log based cryptosystems. In: CRYPTO, Springer, pp 264–276
  11. Bellare M, Paterson KG, Rogaway P (2014) Security of symmetric encryption against mass surveillance. In: CRYPTO, pp 1–19
  12. Bellare M, Jaeger J, Kane D (2015) Mass-surveillance without the state: strongly undetectable algorithm-substitution attacks. In: ACM CCS, ACM, pp 1431–1440
  13. Ateniese G, Magri B, Venturi D (2015) Subversion-resilient signature schemes. In: ACM CCS, ACM, pp 364–375
  14. Schnorr CP (1989) Efficient identification and signatures for smart cards. In: CRYPTO, pp 239–252
  15. Boneh D (2011) Digital signature standard. In: Encyclopedia of cryptography and security, 2nd edn. p 347
  16. Menezes AJ, Van Oorschot PC, Vanstone SA (1996) Handbook of applied cryptography. CRC Press, Boca Raton
  17. ElGamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inf Theor 31(4):469–472
  18. Waters B (2005) Efficient identity-based encryption without random oracles. In: EUROCRYPT, vol 3494. Springer, pp 114–127
  19. Paterson KG (2002) ID-based signatures from pairings on elliptic curves. Electron Lett 38(18):1025–1026
  20. Zhang F, Kim K (2002) ID-based blind signature and ring signature from pairings. In: ASIACRYPT, pp 629–637
  21. Kurosawa K, Heng SH (2004) From digital signature to ID-based identification/signature. In: PKC, pp 248–261
  22. Mironov I, Stephens-Davidowitz N (2015) Cryptographic reverse firewalls. In: EUROCRYPT, Springer, pp 657–686
  23. Fischlin M, Mazaheri S (2017) Self-guarding cryptographic protocols against algorithm substitution attacks. IACR Cryptology ePrint Archive 2017:984
  24. Russell A, Tang Q, Yung M, Zhou H (2016) Cliptography: clipping the power of kleptographic attacks. In: ASIACRYPT, Part II, pp 34–64
  25. Dodis Y, Mironov I, Stephens-Davidowitz N (2016) Message transmission with reverse firewalls - secure communication on corrupted machines. In: CRYPTO, Part II, pp 341–372
  26. Chen R, Mu Y, Yang G, Susilo W, Guo F, Zhang M (2016) Cryptographic reverse firewall via malleable smooth projective hash functions. In: ASIACRYPT, Part I, pp 844–876
  27. Hofheinz D, Jager T, Knapp E (2012) Waters signatures with optimal security reduction. In: PKC, pp 66–83
  28. Russell A, Tang Q, Yung M, Zhou H (2016) Destroying steganography via amalgamation: kleptographically CPA secure public key encryption. IACR Cryptology ePrint Archive 2016:530
  29. Russell A, Tang Q, Yung M, Zhou H (2017) Generic semantic security against a kleptographic adversary. In: ACM CCS, pp 907–922

Copyright information

© Springer-Verlag London Ltd., part of Springer Nature 2019

Authors and Affiliations

  • Yi Wang (1)
  • Rongmao Chen (1)
  • Chi Liu (1)
  • Baosheng Wang (1)
  • Yongjun Wang (1)

  1. National University of Defense Technology, Changsha, China
