Abuses in Cryptography and How to Fight Them

(Extended Abstract)
  • Yvo Desmedt
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 403)


The following seems quite familiar: “Alice and Bob want to flip a coin by telephone. (They have just divorced, live in different countries, and want to decide who will have the children during the next holiday.) …” So they use [Blu82]’s (or an improved) protocol. However, Alice and Bob’s divorce has been set up to cover up their spying activities. When they use [Blu82]’s protocol, they don’t care whether the “coin flip” is random; they want to abuse the protocol to send secret information to each other. The counter-espionage service, however, doesn’t know that the divorce and the use of [Blu82]’s protocol are just cover-ups.

In this paper, we demonstrate how several modern cryptosystems can be abused. We generalize [Sim83b]’s subliminal channel and [DGB87]’s abuse of the [FFS87, FS86] identification systems and demonstrate how one can prevent abuses of cryptosystems.


References

  1. [Ada88] J. A. Adam. Ways to verify the U.S.-Soviet arms pact. IEEE Spectrum, pp. 30–34, February 1988.
  2. [BC86] G. Brassard and C. Crépeau. Non-transitive transfer of confidence: a perfect zero-knowledge interactive protocol for SAT and beyond. In 27th Annual Symp. on Foundations of Computer Science (FOCS), pp. 188–195, IEEE Computer Society Press, October 27–29, 1986. Toronto, Ontario, Canada.
  3. [BFM88] M. Blum, P. Feldman, and S. Micali. Non-interactive zero-knowledge and its applications. In Proceedings of the Twentieth ACM Symp. Theory of Computing, STOC, pp. 103–112, May 2–4, 1988.
  4. [BG84] M. Blum and S. Goldwasser. An efficient probabilistic public-key encryption scheme which hides all partial information. In Advances in Cryptology. Proc. of Crypto ’84 (Lecture Notes in Computer Science 196), pp. 289–299, Springer-Verlag, New York, 1985. Santa Barbara, August 1984.
  5. [Blu82] M. Blum. Coin flipping by telephone — a protocol for solving impossible problems. In Digest of Papers COMPCON82, pp. 133–137, IEEE Computer Society, February 1982.
  6. [Dep83] Department of Defense Trusted Computer System Evaluation Criteria. U.S. Department of Defense, August 15, 1983. Also known as the Orange Book.
  7. [Des] Y. Desmedt. Abuse-free cryptosystems: particularly subliminal-free authentication and signature. In preparation, available from the author when finished.
  8. [Des88] Y. Desmedt. Subliminal-free authentication and signature. May 1988. Presented at Eurocrypt ’88, Davos, Switzerland; to appear in Advances in Cryptology. Proc. of Eurocrypt 88 (Lecture Notes in Computer Science), Springer-Verlag.
  9. [DGB87] Y. Desmedt, C. Goutier, and S. Bengio. Special uses and abuses of the Fiat-Shamir passport protocol. In C. Pomerance, editor, Advances in Cryptology, Proc. of Crypto ’87 (Lecture Notes in Computer Science 293), pp. 21–39, Springer-Verlag, 1988. Santa Barbara, California, U.S.A., August 16–20.
  10. [FFS87] U. Feige, A. Fiat, and A. Shamir. Zero knowledge proofs of identity. In Proceedings of the Nineteenth ACM Symp. Theory of Computing, STOC, pp. 210–217, May 25–27, 1987.
  11. [FS86] A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In A. Odlyzko, editor, Advances in Cryptology, Proc. of Crypto ’86 (Lecture Notes in Computer Science 263), pp. 186–194, Springer-Verlag, 1987. Santa Barbara, California, U.S.A., August 11–15.
  12. [GMR] S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof systems. To appear in SIAM J. Comput., vol. 18, no. 1, January 1989.
  13. [GMR88] S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput., 17(2), pp. 281–308, April 1988.
  14. [GMW86] O. Goldreich, S. Micali, and A. Wigderson. How to prove all NP statements in zero-knowledge and a methodology of cryptographic protocol design. In A. Odlyzko, editor, Advances in Cryptology, Proc. of Crypto ’86 (Lecture Notes in Computer Science 263), pp. 171–185, Springer-Verlag, 1987. Santa Barbara, California, U.S.A., August 11–15.
  15. [Lam73] B. W. Lampson. A note on the confinement problem. Comm. ACM, 16(10), pp. 613–615, October 1973.
  16. [PK79] G. J. Popek and C. S. Kline. Encryption and secure computer networks. ACM Computing Surveys, 11(4), pp. 335–356, December 1979.
  17. [RS85] R. L. Rivest and A. Shamir. Efficient factoring based on partial information. In F. Pichler, editor, Advances in Cryptology. Proc. of Eurocrypt 85 (Lecture Notes in Computer Science 209), pp. 31–34, Springer-Verlag, Berlin, 1986.
  18. [Sim83a] G. J. Simmons. Verification of treaty compliance-revisited. In Proc. of the 1983 IEEE Symposium on Security and Privacy, pp. 61–66, IEEE Computer Society Press, April 25–27, 1983. Oakland, California.
  19. [Sim83b] G. J. Simmons. The prisoners’ problem and the subliminal channel. In D. Chaum, editor, Advances in Cryptology. Proc. of Crypto 83, pp. 51–67, Plenum Press, N.Y., 1984. Santa Barbara, California, August 1983.
  20. [Sim88] G. J. Simmons. How to insure that data acquired to verify treaty compliance are trustworthy. Proc. IEEE, 76(5), pp. 621–627, May 1988.

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Yvo Desmedt, Dept. EE & CS, Univ. of Wisconsin — Milwaukee, Milwaukee, USA