More realistic analysis of mass surveillance – security in multi‐surveillant settings

The PRISM made the research of cryptography against subversion attacks flourish these years. In a subversion attack, surveillants can compromise the security of users’ systems by subverting implementations of cryptographic algorithms. While the scenario of a single‐surveillant has been researched by several works, the multi‐surveillant setting attracted less consideration. The authors have initialised this notion in previous work but assumed the surveillants to be completely isolated. In this study, the authors follow this idea and consider more realistic scenarios of the multi‐surveillant subversion, where surveillants are able to have limited communications. They propose the notions of queryable adversaries and conversational adversaries. In the first setting, adversaries can verify whether output is produced by a subverted implementation from others; in the latter setting, adversaries can have arbitrary conversations with each other without leaking their backdoors. Under the framework of ‘amalgamation and decomposition’, they design randomness generators that are secure against queryable adversaries and conversational adversaries, respectively, by adopting implementations from different sources intentionally. Based on the secure randomness generators, they construct symmetric encryption schemes that match the corresponding security definitions.