Volume 79, Issue 4, pp 1052–1101

On the Impossibility of Cryptography with Tamperable Randomness

  • Per Austrin
  • Kai-Min Chung
  • Mohammad Mahmoody
  • Rafael Pass
  • Karn Seth


We initiate a study of the security of cryptographic primitives in the presence of efficient tampering attacks to the randomness of honest parties. More precisely, we consider p-tampering attackers that may efficiently tamper with each bit of the honest parties’ random tape with probability p, but have to do so in an “online” fashion. Our main result is a strong negative result: We show that any secure encryption scheme, bit commitment scheme, or zero-knowledge protocol can be “broken” with advantage \(\Omega (p)\) by a p-tampering attacker. The core of this result is a new algorithm for biasing the output of bounded-value functions, which may be of independent interest. We also show that this result cannot be extended to primitives such as signature schemes and identification protocols: assuming the existence of one-way functions, such primitives can be made resilient to Open image in new window -tampering attacks where n is the security parameter.
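To make the tampering model of the abstract concrete, here is an added example (written for this page, not code from the paper or its authors). It models an n-bit honest random tape where each bit, independently with probability p, is chosen by an online attacker who sees only the prefix written so far, and is otherwise uniform. The attacker's rule is an assumption for illustration, not the paper's biasing algorithm: it greedily sets the bit to whichever value maximises the honest conditional expectation of f. The two bounded-value functions (parity and majority on a 3-bit tape) are constructed sample inputs. The exact expectation under tampering is computed by enumeration, and a small Monte Carlo run of the online process is included so the per-bit, prefix-only nature of the attacker is visible.

```python
from fractions import Fraction
from itertools import product
import random

# Constructed sample functions f: {0,1}^n -> [-1, 1], the bounded-value
# functions of the abstract, on a 3-bit random tape.
N = 3


def parity(bits):
    """+1 if the tape has even parity, -1 otherwise."""
    return 1 if sum(bits) % 2 == 0 else -1


def majority(bits):
    """+1 if a majority of the tape bits are 1, -1 otherwise."""
    return 1 if sum(bits) > len(bits) / 2 else -1


def untampered_expectation(f, n, prefix=()):
    """E[f(prefix, U)] for U uniform over the remaining n - len(prefix) bits."""
    rest = n - len(prefix)
    total = sum(f(prefix + suffix) for suffix in product((0, 1), repeat=rest))
    return Fraction(total, 2 ** rest)


def greedy_choice(f, n, prefix):
    """Assumed attacker rule (illustrative, not the paper's algorithm):
    set the next bit to the value that maximises the honest conditional
    expectation of f given the prefix seen so far. Ties go to 1."""
    e0 = untampered_expectation(f, n, prefix + (0,))
    e1 = untampered_expectation(f, n, prefix + (1,))
    return 1 if e1 >= e0 else 0


def tampered_expectation(f, n, p, prefix=()):
    """Exact E[f] when each bit is, independently with probability p, set by
    the greedy attacker (who sees only the prefix) and otherwise uniform."""
    if len(prefix) == n:
        return Fraction(f(prefix))
    e0 = tampered_expectation(f, n, p, prefix + (0,))
    e1 = tampered_expectation(f, n, p, prefix + (1,))
    chosen = e1 if greedy_choice(f, n, prefix) == 1 else e0
    return p * chosen + (1 - p) * (e0 + e1) / 2


def bias(f, n, p):
    """How far the p-tampering attacker moves E[f] from its honest value."""
    return tampered_expectation(f, n, p) - untampered_expectation(f, n)


def sample_tampered_tape(f, n, p, rng):
    """One run of the online process: bit by bit, the attacker gets to set
    the bit with probability p; otherwise the bit is an honest coin flip."""
    tape = ()
    for _ in range(n):
        if rng.random() < p:
            tape += (greedy_choice(f, n, tape),)
        else:
            tape += (rng.randrange(2),)
    return tape


def monte_carlo_mean(f, n, p, trials=20000, seed=1):
    """Empirical E[f] over repeated runs of the tampered tape."""
    rng = random.Random(seed)
    return sum(f(sample_tampered_tape(f, n, p, rng)) for _ in range(trials)) / trials


if __name__ == "__main__":
    p = Fraction(1, 4)
    for f in (parity, majority):
        print(f.__name__,
              "honest E[f] =", untampered_expectation(f, N),
              "tampered E[f] =", tampered_expectation(f, N, p),
              "bias =", bias(f, N, p),
              "simulated ~", round(monte_carlo_mean(f, N, float(p)), 3))
```

For parity the attacker learns nothing from any proper prefix (every conditional expectation is 0), so only the last bit matters and the bias in this toy model is exactly p; for majority the greedy rule starts exploiting the prefix from the first bit and the bias at p = 1/4 works out to 47/128. Both illustrate why, from the defender's side, a randomness source that an adversary can influence even a small fraction of the time cannot be treated as uniform.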


Keywords: Tampering, Randomness, Encryption



Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. KTH Royal Institute of Technology, Stockholm, Sweden
  2. Academia Sinica, Taipei City, Taiwan
  3. University of Virginia, Charlottesville, USA
  4. Cornell Tech, New York, USA
  5. Google, New York, USA
