Mackerel: An IND-CCA2 and INT-CTXT Cryptovirus

by Justin Troutman

Snow.

Wind.

Snow.

Wind.

Snow.

Repeat.

What is Colorado? That's correct. I've been in the Winter Park area for about two months now, and I can only laugh at myself for thinking that my home, in the Piedmont of North Carolina, has a real, bone-freezing winter. Don't get me wrong, our climate can stir up some pretty rough winters, but the wind chill here has gotten so low, to the point where you just laugh about the surrealism of it all. I've got my better Brazilian half to keep me warm, and some new cryptovirology research to keep my thought process in a relatively thawed out state. So, let's talk about fish.

Well, not a real fish, but the sea-faring, fin-bearing creature I've chosen to use as a naming convention for cryptoviral functions. Science tells me I have a whole load of names to choose from, so I'll be fine for a while. Without further pointless ado, allow me to introduce Mackerel, a family of cryptoviral functions. Here's the preliminary abstract for a paper that will be presented at Security Opus, an information security conference in San Francisco, with technical lectures being held from March 19th through the 21st:

"Mackerel is a family of symmetric cryptovirus constructions that allows up to IND-CCA2 and INT-CTXT security; they're based around the AES in CTR mode (IND-CPA) for preserving confidentiality and CMAC-AES (SUF-CMA) for preserving integrity. The optimal configuration (IND-CCA2 and INT-CTXT), "King Mackerel," employs two 256-bit symmetric keys, for encryption and authentication in the Encrypt-then-Authenticate (EtA) composition, and claims a 128-bit security level. All functions operate in the Troutman mode of information extortion (TIE), a slight variation of Young and Yung's information extortion attack [1]. While Mackerel requires its own set of intrinsic analyses, it takes advantage of the analytical scrutiny of the AES; as such, the security of Mackerel reduces to that of the AES. Mackerel is based on original research conducted by Troutman, in [2]. Mackerel is in the final stages of preliminary cryptanalysis, of which will support Mackerel in a standalone paper, set to appear in Spring '07, along with a complementary protocol for ensuring fairness via game theory."

[1] A. Young, M. Yung, "Cryptovirology: Extortion-Based Security Threats and Countermeasures," IEEE Symposium on Security & Privacy, pages 129-141, May 6-8, 1996.

[2] J. Troutman, "Examining Misimplemented RSA and Strengthened Authentication for Variations of the Cryptovirological Information Extortion Attack," Duke University (TIP), July 24th, 2006.

So, as you can see, research has gotten as far as receiving a cool name - well, a name, at least. As of right now, Mackerel has taken on a completely standardized approach, by using AES. However, Mackerel is merely a shell, of sorts; that is, encryption and authentication functions, and their parameters, are largely arbitrary. As such, Mackerel can be configured for various trade-offs between efficiency and security. The paper will focus primarily on the most conservatively secure configuration, dubbed "King Mackerel," which is IND-CCA2 and INT-CTXT secure. The algorithm specifications and design rationale paper will be available during, or shortly thereafter, the conference. It follows that a complementing game theoretical paper, outlining the Troutman information extortion mode of operation (TIE) for Mackerel, is set to be completed by the Spring of '07; in late June, it will be presented in a guest lecture at Duke University.

In the meanwhile, I'll be investigating other niche environments for Mackerel, both software and hardware, as well various other structural possibilities and applications for cryptovirus design. As always, I'm quite interested in any feedback - criticism included. Recognizing insecurity comes before understanding security, so the more folks looking at cryptovirology, the better. Until next time, I'll be dreaming of warmer days, when I'm back in the South, away from 70mph wind gusts, incessant snow, and -30F wind chill. It's all good, though.

Long live thermal underwear and down feathers (and a future excursion to Ipanema).

Tchau.