Space-Efficient Kleptography Without Random Oracles

Space-Efficient Kleptography Without Random Oracles,10.1007/978-3-540-77370-2_8,Adam Young,Moti M. Yung

Space-Efficient Kleptography Without Random Oracles   (Citations: 1)
BibTex | RIS | RefWorks Download
In the past, hiding asymmetric backdoors inside cryptosystems required a random oracle assumption (idealization) as “randomizers” of the hidden channels. The basic question left open is whether cryptography itself based on traditional hardness assumption(s) alone enables “internal randomized channels” that enable the embedding of an asymmetric backdoor inside another cryptosystem while retaining the security of the cryptosystem and the backdoor (two security proofs in one system). This question translates into the existence of kleptographic channels without the idealization of random oracle functions. We therefore address the basic problem of controlling the probability distribution over information (i.e., the kleptogram) that is hidden within the output of a cryptographic system. We settle this question by presenting an elliptic curve asymmetric backdoor construction that solves this problem. As an example, we apply the construction to produce a provably secure asymmetric backdoor in SSL. The construction is general and applies to many other kleptographic settings as well.
Conference: Information Hiding , pp. 112-129, 2007
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...Another example is a highly space-efficient public key stegosystem [17]...
    • ...An asymmetric backdoor in SSL was presented in [27] that employs Kaliski’s elliptic curve pseudorandom bit generator [14]...
    • ...Indeed this key exchange problem was addressed in [27]...
    • ...The partial covert key exchange solution in [27] is therefore ill-suited for a backdoor in RSA key generation since the backdoor would only take effect with probability very close to 1/2 when a key pair is generated...
    • ...Below we review algorithms from [27] (which are built on [14]) that encode/decode points using fixed-length bit strings...

    Adam Younget al. Kleptography from Standard Assumptions and Applications

Sort by: