Cliptography: Post-snowden cryptography

Qiang Tang, Moti Yung

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Scopus citations


This tutorial covers a systematic overview of kleptography: Stealing information subliminally from black-box cryptographic implementations; and cliptography: Defending mechanisms that clip the power of kleptographic attacks via specification re-designs (without altering the underlying algorithms). Despite the laudatory history of development of modern cryptography, applying cryptographic tools to reliably provide security and privacy in practice is notoriously difficult. One fundamental practical challenge, guaranteeing security and privacy without explicit trust in the algorithms and implementations that underlie basic security infrastructure, remains. While the dangers of entertaining adversarial implementation of cryptographic primitives seem obvious, the ramifications of such attacks are surprisingly dire: It turns out that-in wide generality-adversarial implementations of cryptographic (both deterministic and randomized) algorithms may leak private information while producing output that is statistically indistinguishable from that of a faithful implementation. Such attacks were formally studied in Kleptography. Snowden revelations has shown us how security and privacy can be lost at a very large scale even when traditional cryptography seems to be used to protect Internet communication, when Kleptography was not taken into consideration. We first explain how the above-mentioned Kleptographic attacks can be carried out in various settings. We then introduce several simple but rigorous immunizing strategies that were inspired by folklore practical wisdoms to protect different algorithms from implementation subversion. Those strategies can be applied to ensure security of most of the fundamental cryptographic primitives such as PRG, digital signatures, public key encryptions against kleptographic attacks when they are implemented accordingly. Our new design principles may suggest new standardization methods that help reducing the threats of subverted implementation.We also hope our tutorial to stimulate a community-wise efforts to further tackle the fundamental challenge mentioned at the beginning.

Original languageEnglish (US)
Title of host publicationCCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Number of pages2
ISBN (Electronic)9781450349468
StatePublished - Oct 30 2017
Event24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 - Dallas, United States
Duration: Oct 30 2017Nov 3 2017

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Country/TerritoryUnited States

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications


  • Backdoor resistance
  • Cliptography
  • Cryptography
  • Implementation subversion
  • Kleptography
  • Steganography


Dive into the research topics of 'Cliptography: Post-snowden cryptography'. Together they form a unique fingerprint.

Cite this