
More realistic analysis of mass surveillance – security in multi-surveillant settings

The PRISM disclosures have made research on cryptography against subversion attacks flourish in recent years. In a subversion attack, surveillants compromise the security of users' systems by subverting the implementations of cryptographic algorithms. While the single-surveillant scenario has been studied in several works, the multi-surveillant setting has received less attention. The authors introduced this notion in previous work but assumed the surveillants to be completely isolated. In this study, the authors build on that idea and consider more realistic multi-surveillant subversion scenarios in which the surveillants are able to communicate to a limited extent. They propose the notions of queryable adversaries and conversational adversaries. In the first setting, an adversary can verify whether a given output was produced by another adversary's subverted implementation; in the second, adversaries can have arbitrary conversations with each other without leaking their backdoors. Under the framework of 'amalgamation and decomposition', they design randomness generators that are secure against queryable adversaries and conversational adversaries, respectively, by intentionally adopting implementations from different sources. Based on these secure randomness generators, they construct symmetric encryption schemes that meet the corresponding security definitions.


