| The revelations of Edward Snowden in 2013 demonstrated that cryptography in practice may be surreptitiously weakened by inserting backdoors into the security system.Such backdoors could make the system far less secure as thought and even completely broken.Inspired by this issue,a new research direction known as ”Post-Snowden cryptography” has arisen in recent years with the aim of safeguarding user privacy in face of subversion attacks in the real world.In this work,we investigate the study of subversion attacks against digital signatures and explore possible countermeasures.Our contributions can be summarized as follows:· Noting that the existing symmetric subversion attack model is unable to capture the asymmetric subversion attack,we propose an asymmetric subversion attack model for digital signature.Compared with the symmetric model,the asymmetric model proposed in this paper considers the undetectability of subversion attacks under stronger conditions,and thus it is suitable for analyzing the asymmetric subversion attack which may exist in the real world.Existing work showed that the symmetric subversion attack can only achieve weak undetectability while the asymmetric subversion attack model studied in this paper considers the undetectability under the case that the public subversion key is revealed to the detector.· Motivated by the inefficiency of the existing subversion attack which only satisfies weak undetectability,we propose the concept of splittable digital signature,and designs a general asymmetric subversion attack framework for this kind of digital signature scheme.Through rigorous formal analysis,we demonstrate that the attack framework significantly improves the efficiency of existing attack techniques and satisfies strong undetectability under the condition that public subversion key is revealed.In order to further illustrate the feasibility of the framework,we also instantiate our framework using some well-known concrete signature schemes.· Being faced with the concealment and harmfulness of the asymmetric subversion attacks against signature scheme,we design a digital signature scheme with subversion resilience security.Based on the cryptographic reverse firewall proposed in EUROCRYPT2015,we choose the Waters signature scheme to realize the specific structure of the corresponding cryptographic reverse firewall.Through rigorous formal analysis,we prove that the constructed reverse firewall scheme has the security against subversion attacks under the premise of ensuring the functionality and security of the original signature scheme.Generally speaking,we further demonstrate that subversion attacks against digital signature schemes in the reality could be more powerful in the sense of undetectability and influences,which inspire the cryptography community to further explore possible forms of subversion attacks with effective defense approaches. |
PDF Full Text Request