Title: Practical algorithm substitution attack on extractable signatures
Authors: Zhao, Yi (Chang'an University); Liang, K. (TU Delft Cyber Security); Zhao, Yanqi (Xi'an University of Posts and Telecommunications, Xi'an); Yang, Bo (Shaanxi Normal University); Ming, Yang (Chang'an University); Panaousis, Emmanouil (University of Greenwich)
Date: 2022
Abstract: An algorithm substitution attack (ASA) undermines the security of a cryptographic primitive by subverting its implementation. An ASA succeeds when it extracts secrets without being detected. To mount an ASA on a signature scheme, existing attacks typically need to collect signatures with successive indices in order to extract the signing key. In practice, however, collecting successive signatures requires uninterrupted surveillance of the communication channel and a low transmission loss rate. This hinders the deployment of current ASAs and leads users to mistakenly believe that the threat posed by ASAs is only theoretical and far from reality. In this study, we first identify a class of schemes, which we call extractable signatures, whose standard security (unforgeability) proofs are reductions that end with key extraction, and we show that this class admits a generic and practical ASA. We then present ASA implementations that need only two signatures, with no further requirements, to extract the signing key of widely used discrete-log-based schemes such as DSA, Schnorr, and modified ElGamal. Our attack is a realistic threat to current signature applications and can also be carried out in open and unstable environments such as vehicular ad hoc networks. Finally, we prove that the proposed ASA is undetectable by polynomial-time detectors and by physical timing analysis.
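To make the notion of an extractable signature concrete, the following added example (not code from the paper or its authors) implements Schnorr signatures over a deterministically generated toy group, together with the key-extraction step that ends the unforgeability reduction: two valid signatures that share a nonce (and hence the same commitment R) but have distinct challenges reveal the signing key. A constructed toy subversion that silently reuses one nonce shows why "any two signatures suffice" is fatal for such schemes. The group parameters, the function names and the SubvertedSigner class are assumptions of this example; the nonce-reuse subversion is deliberately simplistic and trivially detectable (every signature carries the same R), and it is not the paper's undetectable construction, which is not reproduced here.

```python
import hashlib
import random
import secrets

# Constructed illustration only: a deterministic, far-too-small Schnorr group,
# honest and subverted signers, and the key-extraction step of the reduction.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for PRNG-chosen (non-adversarial) candidates."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 96, seed: int = 2022):
    """Deterministic toy group: safe prime p = 2q + 1 and a generator of the order-q subgroup."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 is a quadratic residue != 1, so its order is q


P, Q, G = make_group()  # assumed toy parameters, not a real-world group


def challenge(R: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || m) reduced into Z_q."""
    data = R.to_bytes((P.bit_length() + 7) // 8, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(x: int, msg: bytes, k: int):
    """Schnorr signature (R, s) with a caller-supplied nonce k, so that honest and
    subverted signers differ only in how k is chosen."""
    R = pow(G, k, P)
    return R, (k + challenge(R, msg) * x) % Q


def honest_sign(x: int, msg: bytes):
    return sign(x, msg, secrets.randbelow(Q - 1) + 1)


def verify(y: int, msg: bytes, sig) -> bool:
    R, s = sig
    return pow(G, s, P) == R * pow(y, challenge(R, msg), P) % P


def extract_key(msg1: bytes, sig1, msg2: bytes, sig2):
    """Extraction step of the reduction: same R and distinct challenges give
    x = (s1 - s2) / (e1 - e2) mod q. Returns None if the pair is not extractable."""
    (R1, s1), (R2, s2) = sig1, sig2
    if R1 != R2:
        return None
    e1, e2 = challenge(R1, msg1), challenge(R2, msg2)
    if (e1 - e2) % Q == 0:
        return None
    return (s1 - s2) * pow((e1 - e2) % Q, -1, Q) % Q


class SubvertedSigner:
    """Toy subversion (assumed here, not the paper's): one nonce is fixed and reused, so
    ANY two of its signatures on distinct messages feed extract_key. It is trivially
    detectable because every signature repeats R; the paper's ASA is not."""

    def __init__(self, x: int):
        self.x = x
        self.k = secrets.randbelow(Q - 1) + 1

    def sign(self, msg: bytes):
        return sign(self.x, msg, self.k)


def demo() -> bool:
    """True if two arbitrary signatures from the subverted signer reveal the key."""
    x, y = keygen()
    bad = SubvertedSigner(x)
    sig_a, sig_b = bad.sign(b"msg a"), bad.sign(b"msg b")
    assert verify(y, b"msg a", sig_a) and verify(y, b"msg b", sig_b)  # they look valid
    return extract_key(b"msg a", sig_a, b"msg b", sig_b) == x


if __name__ == "__main__":
    print("key recovered from two subverted signatures:", demo())
```

Honest signatures use fresh nonces, so extract_key returns None for them; the subverted signer's outputs pass verification exactly like honest ones, which is why a verifier alone cannot tell the two apart and why detection has to look at the signer's behaviour across signatures.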
Subject: Algorithm substitution attack; Arbitrary collection; Discrete log; Extractable signatures
To reference this document use: http://resolver.tudelft.nl/uuid:65f37946-a831-440b-9ec4-6a723766c334
DOI: https://doi.org/10.1007/s10623-022-01019-1
Embargo date: 2023-07-01
ISSN: 0925-1022
Source: Designs, Codes and Cryptography, 90 (4), 921-937
Bibliographical note: Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project, https://www.openaccess.nl/en/you-share-we-take-care. Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Part of collection: Institutional Repository
Document type: journal article
Rights: © 2022 Yi Zhao, K. Liang, Yanqi Zhao, Bo Yang, Yang Ming, Emmanouil Panaousis
Files: s10623_022_01019_1.pdf (PDF, 506.54 KB)