How to Encrypt with a Malicious Random Number Generator

Chosen-plaintext attacks on private-key encryption schemes are currently modeled by giving an adversary access to an oracle that encrypts a given message musing random coins that are generated uniformly at randomand independentlyof anything else. This leaves open the possibility of attacks in case the random coins are poorly generated (e.g., using a faulty random number generator), or are under partial adversarial control (e.g., when encryption is done by lightweight devices that may be captured and tampered with). We introduce new notions of security modeling such attacks, propose two concrete schemes meeting our definitions, and show generic transformations for achieving security in this context.

[1]  Phillip Rogaway,et al.  Nonce-Based Symmetric Encryption , 2004, FSE.

[2]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[3]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[4]  Kevin Fu,et al.  Key Regression: Enabling Efficient Key Distribution for Secure Distributed Storage , 2006, NDSS.

[5]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[6]  Yevgeniy Dodis,et al.  Does Privacy Require True Randomness? , 2007, TCC.

[7]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[8]  Joel H. Spencer,et al.  On the (non)universality of the one-time pad , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[9]  Shai Halevi,et al.  A model and architecture for pseudo-random generation with applications to /dev/random , 2005, CCS '05.

[10]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[11]  Amit Sahai,et al.  On the (im)possibility of cryptography with imperfect randomness , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[12]  Benny Pinkas,et al.  On the Impossibility of Private Key Cryptography with Weakly Random Keys , 1990, CRYPTO.

[13]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[14]  Mihir Bellare,et al.  Forward-Security in Private-Key Cryptography , 2003, CT-RSA.

[15]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[16]  Jonathan Katz,et al.  Characterization of Security Notions for Probabilistic Private-Key Encryption , 2005, Journal of Cryptology.

[17]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[18]  Tatsuaki Okamoto Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.

[19]  Yehuda Lindell,et al.  Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series) , 2007 .

[20]  Jonathan Katz,et al.  Introduction to Modern Cryptography: Principles and Protocols , 2007 .

[21]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[22]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.