Subliminal Hash Channels

  • George Teşeleanu
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1133)


Due to their nature, subliminal channels are mostly regarded as malicious, but recent legislation efforts might change users’ perception of them. Such channels can be used to subvert digital signature protocols without degrading the security of the underlying primitive, so it is natural to look for countermeasures and to devise subliminal-free signatures. In this paper we discuss state-of-the-art countermeasures and introduce a generic method to bypass them.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Simion Stoilow Institute of Mathematics of the Romanian Academy, Bucharest, Romania
  2. Advanced Technologies Institute, Bucharest, Romania
