[Resource Topic] 2023/764: Subversion-Resilient Authenticated Encryption without Random Oracles

Welcome to the resource topic for 2023/764

Subversion-Resilient Authenticated Encryption without Random Oracles

Authors: Pascal Bemmann, Sebastian Berndt, Denis Diemert, Thomas Eisenbarth, Tibor Jager


In 2013, the Snowden revelations showed subversion of cryptographic implementations to be a relevant threat.
Since then, the academic community has been pushing the development of models and constructions
to defend against adversaries able to arbitrarily subvert cryptographic implementations.
To capture these strong capabilities of adversaries, Russell, Tang, Yung, and Zhou (CCS’17) proposed CPA-secure encryption in a model that utilizes a trusted party called a watchdog testing an implementation before use to detect potential subversion.
This model was used to construct subversion-resilient implementations of primitives such as random oracles by Russell, Tang, Yung, and Zhou (CRYPTO’18) or signature schemes by Chow et al. (PKC’19), but primitives aiming for CCA-like security remained elusive in any watchdog model.
In this work, we present the first subversion-resilient authenticated encryption scheme with associated data (AEAD) without making use of random oracles.
At the core of our construction are subversion-resilient PRFs, which we obtain from weak PRFs in combination with the classical Naor-Reingold transformation.
We revisit classical constructions based on PRFs to obtain subversion-resilient MACs, where both tagging and verification are subject to subversion, as well as subversion-resilient symmetric encryption in the form of stream ciphers.
Finally, we observe that leveraging the classical Encrypt-then-MAC approach yields subversion-resilient AEAD.
Our results are based on the trusted amalgamation model by Russell, Tang, Yung, and Zhou (ASIACRYPT’16) and the assumption of honest key generation.

ePrint: https://eprint.iacr.org/2023/764

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.