Welcome to the resource topic for 2025/1480
Title:
SoK: Kleptographic Attacks
Authors: Ting-Yun Yeh
Abstract:Kleptography was first proposed by Adam Young and Moti
Yung in 1996, while algorithm substitution attack was introduced by Mi-
hir Bellare et al. as a variation of kleptography in 2014 after the Dual EC
incident with the confidential documents revelation by Edward Snowden.
These two paradigms share a common goal: to enable attackers to embed
covert capabilities into cryptographic implementations while maintaining
the appearance of normal functionality. The goal of this paper is to con-
solidate existing research on kleptographic attacks, integrate it into a uni-
fied definition, and explore future directions for the research in this field.
This paper begins by introducing and comparing the two major branches
of kleptographic attacks: traditional kleptography and post-Snowden al-
gorithm substitution attack, highlighting their theoretical distinctions,
threat models, and historical development. Then, it analyzes the spe-
cific goals that attackers aim to achieve through such subversions and
propose a generalized definition of algorithm substitution attack that in-
clude all the goals. The paper also presents practical examples framed
within my definition and classify prior research works as either strong
or weak attacks based on their structure and undetectability. Finally, it
discusses the current landscape of research in kleptographic attacks, and
then suggest future directions for the attack and defense perspectives.
ePrint: https://eprint.iacr.org/2025/1480
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .