Hunting Invisible Salamanders - Cryptographic Insecurity with Attacker-Controlled Keys

Explore the cryptographic challenges and vulnerabilities associated with attacker-controlled keys in authenticated encryption schemes. Delve into the evolving landscape of cryptography deployment, focusing on scenarios where attackers can potentially know or guess encryption keys. Examine specific examples such as password-based authenticated encryption and reporting plaintexts, and investigate the concept of committing security. Analyze invisible salamander attacks on Counter Mode and Galois/Counter Mode (GCM), discussing their implications for multi-receiver encryption and abuse reporting in encrypted messaging systems. Learn about Facebook's Message Franking Protocol and techniques to evade message franking. Gain insights into crafting ciphertexts, partitioning oracles, and strategies to prevent invisible salamander attacks. This 31-minute Black Hat conference talk is designed for security professionals involved in cryptography design, implementation, and deployment, while remaining accessible to a general security audience.

Intro
This Talk
Authenticated Encryption
New Settings, New Needs
Overview
Attacker-Controlled Keys
Example: Password-based AE
Example: Reporting Plaintexts
Committing Security for AE
Reporting Salamanders
Invisible Salamanders for CTR Mode
Galois/Counter Mode (GCM)
Colliding GCM's MACA
From Two Keys to Many A
Multi-Receiver Encryption
Abuse Reporting for Encrypted Messaging
Facebook's Message Franking Protocol
Evading Message Franking
Crafting the Ciphertext
Partitioning Oracles
Preventing Invisible Salamanders