The secret theft of information using a security hole deliberately built into a cryptographic system. [klepto- + cryptography]
Another story — once again not really news — describes a practice that Congress should make flat-out and unambiguously illegal: The NSA submitted to NIST (National Institute of Standards and Technology) a random number generation algorithm with a backdoor in it.
There’s actually a technical term for this sort of vulnerability: Kleptography is the use of attacks built into a cryptographic system, i.e. a crypto backdoor.
—Larry Seltzer, “Has the NSA broken our encryption?,” ZDNet, September 6, 2013
The threat of kleptography has been discussed since the mid-1990s, but it was not until recently that it’s received significant attention. This may be in part due to increasingly common discussions about the potential threats from this kind of highly sophisticated attack, but it is more likely due to several recent documented implementations of kleptographic attacks.
—Bernhard Esslinger and Patrick Vacek, “The Dark Side of Cryptography: Kleptography in Black-Box Implementations,” Infosecurity, February 20, 2013
The notion of a Secretly Embedded Trapdoor with Universal Protection (SETUP) has been recently introduced. In this paper we extend the study of stealing information securely and subliminally from black-box cryptosystems. The SETUP mechanisms presented here, in contrast with previous ones, leak secret key information without using an explicit subliminal channel. This extends this area of threats, which we call “kleptography”.
—Adam Young and Moti Yung, “Kleptography: Using Cryptography Against Cryptography” (PDF), Advances in Cryptology, January 15, 1997