On the Impossibility of Cryptography with Tamperable Randomness

Per Austrin; Kai Min Chung; Mohammad Mahmoody; Rafael Pass; Karn Seth

doi:10.1007/s00453-016-0219-7

On the Impossibility of Cryptography with Tamperable Randomness

Per Austrin, Kai Min Chung, Mohammad Mahmoody^*, Rafael Pass, Karn Seth

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

We initiate a study of the security of cryptographic primitives in the presence of efficient tampering attacks to the randomness of honest parties. More precisely, we consider p-tampering attackers that may efficiently tamper with each bit of the honest parties’ random tape with probability p, but have to do so in an “online” fashion. Our main result is a strong negative result: We show that any secure encryption scheme, bit commitment scheme, or zero-knowledge protocol can be “broken” with advantage Ω (p) by a p-tampering attacker. The core of this result is a new algorithm for biasing the output of bounded-value functions, which may be of independent interest. We also show that this result cannot be extended to primitives such as signature schemes and identification protocols: assuming the existence of one-way functions, such primitives can be made resilient to [InlineEquation not available: see fulltext.]-tampering attacks where n is the security parameter.

Original language	English
Pages (from-to)	1052-1101
Number of pages	50
Journal	Algorithmica
Volume	79
Issue number	4
DOIs	https://doi.org/10.1007/s00453-016-0219-7
State	Published - 1 Dec 2017
Externally published	Yes

Keywords

Encryption
Randomness
Tampering

Access to Document

10.1007/s00453-016-0219-7

Cite this

@article{ac3c71869fd4449597b85dcb0ba8b10d,

title = "On the Impossibility of Cryptography with Tamperable Randomness",

abstract = "We initiate a study of the security of cryptographic primitives in the presence of efficient tampering attacks to the randomness of honest parties. More precisely, we consider p-tampering attackers that may efficiently tamper with each bit of the honest parties{\textquoteright} random tape with probability p, but have to do so in an “online” fashion. Our main result is a strong negative result: We show that any secure encryption scheme, bit commitment scheme, or zero-knowledge protocol can be “broken” with advantage Ω (p) by a p-tampering attacker. The core of this result is a new algorithm for biasing the output of bounded-value functions, which may be of independent interest. We also show that this result cannot be extended to primitives such as signature schemes and identification protocols: assuming the existence of one-way functions, such primitives can be made resilient to [InlineEquation not available: see fulltext.]-tampering attacks where n is the security parameter.",

keywords = "Encryption, Randomness, Tampering",

author = "Per Austrin and Chung, {Kai Min} and Mohammad Mahmoody and Rafael Pass and Karn Seth",

note = "Publisher Copyright: {\textcopyright} 2016, Springer Science+Business Media New York.",

year = "2017",

month = dec,

day = "1",

doi = "10.1007/s00453-016-0219-7",

language = "אנגלית",

volume = "79",

pages = "1052--1101",

journal = "Algorithmica",

issn = "0178-4617",

publisher = "Springer New York",

number = "4",

}

TY - JOUR

T1 - On the Impossibility of Cryptography with Tamperable Randomness

AU - Austrin, Per

AU - Chung, Kai Min

AU - Mahmoody, Mohammad

AU - Pass, Rafael

AU - Seth, Karn

PY - 2017/12/1

Y1 - 2017/12/1

N2 - We initiate a study of the security of cryptographic primitives in the presence of efficient tampering attacks to the randomness of honest parties. More precisely, we consider p-tampering attackers that may efficiently tamper with each bit of the honest parties’ random tape with probability p, but have to do so in an “online” fashion. Our main result is a strong negative result: We show that any secure encryption scheme, bit commitment scheme, or zero-knowledge protocol can be “broken” with advantage Ω (p) by a p-tampering attacker. The core of this result is a new algorithm for biasing the output of bounded-value functions, which may be of independent interest. We also show that this result cannot be extended to primitives such as signature schemes and identification protocols: assuming the existence of one-way functions, such primitives can be made resilient to [InlineEquation not available: see fulltext.]-tampering attacks where n is the security parameter.

AB - We initiate a study of the security of cryptographic primitives in the presence of efficient tampering attacks to the randomness of honest parties. More precisely, we consider p-tampering attackers that may efficiently tamper with each bit of the honest parties’ random tape with probability p, but have to do so in an “online” fashion. Our main result is a strong negative result: We show that any secure encryption scheme, bit commitment scheme, or zero-knowledge protocol can be “broken” with advantage Ω (p) by a p-tampering attacker. The core of this result is a new algorithm for biasing the output of bounded-value functions, which may be of independent interest. We also show that this result cannot be extended to primitives such as signature schemes and identification protocols: assuming the existence of one-way functions, such primitives can be made resilient to [InlineEquation not available: see fulltext.]-tampering attacks where n is the security parameter.

KW - Encryption

KW - Randomness

KW - Tampering

UR - http://www.scopus.com/inward/record.url?scp=84990840579&partnerID=8YFLogxK

U2 - 10.1007/s00453-016-0219-7

DO - 10.1007/s00453-016-0219-7

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:84990840579

SN - 0178-4617

VL - 79

SP - 1052

EP - 1101

JO - Algorithmica

JF - Algorithmica

IS - 4

ER -

On the Impossibility of Cryptography with Tamperable Randomness

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this