Kleptographic Attack on Elliptic Curve Based Cryptographic Protocols

Kleptography is the study of pilfering secure data secretly and subliminally. The concept of inserting backdoors was introduced two decades ago by Young and Yung. However, still it is a serious threat for modern cryptography. Different studies have proved that exploiting implementation errors of cryptographic algorithms needs less effort as compared to attacking its mathematical structure. Inserting the backdoor modifies the standard method of generating public and private key pairs in such away that the public information is meaningful for the attacker. This paper presents the kleptographic attack on cryptographic algorithm based on Elliptic curves. We show the technique of implementing backdoor against Edwards-curve Digital Signature Algorithm, Elliptic curve Diffie-Hellman key exchange scheme, Elliptic curve Digital Signature Algorithm, Elliptic curve Integrated Encryption Scheme, Elliptic curve ElGamal Encryption and Elliptic curve Qu-Vanstone implicit certificate scheme. In practical approach, backdoors are inserted in such a way that their identification is impossible by analyzing the output of an algorithm. Detection of kleptographic implementation is a complex task and very few studies can be found in this direction. We have explored the possibility of detection of malicious code inside the Elliptic curve based algorithms by using the idea of running time analysis. We have shown that by implementing strong Secretly Embedded Trapdoor with Universal Protection (SETUP) attack against Elliptic curve based algorithms, one can detect the presence of backdoor by analyzing the time difference in execution of an honest vs malicious version of code. We also modified the backdoor insertion mechanism in Edwards-curve Digital Signature Algorithm that results in negligible time difference making it impossible for the user to detect backdoor presence.