ACM Digital Library home
ACM home
Advanced Search
10.1145/1455770.1455786acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedings
research-article

Computational soundness of observational equivalence

Publication: CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityOctober 2008 Pages 109–118https://doi.org/10.1145/1455770.1455786
  • 55citation
  • 410
    • Downloads
Metrics
Total Citations55
Total Downloads410
Last 12 Months26
Last 6 weeks2

ABSTRACT

Many security properties are naturally expressed as indistinguishability between two versions of a protocol. In this paper, we show that computational proofs of indistinguishability can be considerably simplified, for a class of processes that covers most existing protocols. More precisely, we show a soundness theorem, following the line of research launched by Abadi and Rogaway in 2000: computational indistinguishability in presence of an active attacker is implied by the observational equivalence of the corresponding symbolic processes. We prove our result for symmetric encryption, but the same techniques can be applied to other security primitives such as signatures and public-key encryption. The proof requires the introduction of new concepts, which are general and can be reused in other settings.

References

  1. M. Abadi, M. Baudet, and B. Warinschi. Guessing attacks and the computational soundness of static equivalence. In Foundations of Software Science and Computation Structure (FoSSaCS'06), volume 3921 of LNCS, pages 398--412, 2006.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In Principles of Programming Languages (POPL'01), pages 104--115, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. M. Abadi and J. Jürgens. Formal eavesdropping and its computational interpretation. In Theoretical Aspects of Computer Software, LNCS 2215, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. M. Abadi and P. Rogaway. Reconciling two views of cryptography: the computational soundness of formal encryption. J. Cryptology, 2007.Google ScholarGoogle Scholar
  5. M. Abdalla and B. Warinschi. On the minimal assumptions of group signature schemes. In 6th International Conference on Information and Communication Security, pages 1--13, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  6. P. Adao and C. Fournet. Cryptographically sound implementations for communicating processes. In International Colloquium on Algorithms, Languages and Programming (ICALP'06), 2006.Google ScholarGoogle Scholar
  7. M. Backes, M. Dürmuth, and R. Küsters. On simulatability soundness and mapping soundness of symbolic cryptography. In Proc. of 27th FSTTCS, volume 4855 of LNCS, 2007.Google ScholarGoogle Scholar
  8. M. Backes and B. Pfitzmann. Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In Computer Security Foundations Workshop (CSFW'04), 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. M. Backes and B. Pfitzmann. Relating cryptographic und symbolic key secrecy. In Symp. on Security and Privacy (SSP'05), pages 171--182, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. M. Backes, B. Pfitzmann, and M. Waidner. A composable cryptographic library with nested operations. In 10th ACM Concerence on Computer and Communications Security (CCS'03), 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. M. Backes, B. Pfitzmann, and M. Waidner. The reactive simulatability (RSIM) framework for asynchronous systems. Information and Computation, 205(12):1685--1720, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. M. Baudet, V. Cortier, and S. Kremer. Computationally sound implementations of equational theories against passive adversaries. In Proc. ICALP'05, volume 3580 of LNCS, 2005.Google ScholarGoogle Scholar
  13. M. Bellare and C. Namprempre. Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology (ASIACRYPT 2000), volume 1976 of LNCS, pages 531--545, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In Computer Security Foundations Workshop (CSFW'01), 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. B. Blanchet, M. Abadi, and C. Fournet. Automated verification of selected equivalences for security protocols. Journal of Logic and Algebraic Programming, 75(1):3--51, 2008.Google ScholarGoogle ScholarCross RefCross Ref
  16. M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Technical Report 39, Digital Systems Research Center, February 1989.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. R. Canetti. Universal composable security: a new paradigm for cryptographic protocols. In Symposium on Foundations of Computer Science, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. R. Canetti and J. Herzog. Universally composable symbolic analysis of cryptographic protocols. In Theory of Cryptography Conference (TCC'06), 2006.Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. R. Canetti and T. Rabin. Universal composition with joint state. Cryptology ePrint Archive, report 2002/47, Nov. 2003.Google ScholarGoogle Scholar
  20. H. Comon-Lundh and V. Cortier. Computational soundness of observational equivalence. Research Report 6508, INRIA, https://hal.inria.fr/inria-00274158, Apr. 2008.Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. V. Cortier, S. Kremer, R. Küsters, and B. Warinschi. Computationally sound symbolic secrecy in the presence of hash functions. In Proc. FSTTCS, volume 4337 of LNCS, pages 176--187, 2006.Google ScholarGoogle Scholar
  22. V. Cortier and B. Warinschi. Computationally sound, automated proofs for security protocols. In European Symposium on Programming (ESOP'05), volume 3444 of LNCS, pages 157--171, 2005.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. S. Delaune, S. Kremer, and M. D. Ryan. Coercion-resistance and receipt-freeness in electronic voting. In Computer Security Foundations Workshop (CSFW'06), pages 28--39, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. S. Delaune, S. Kremer, and M. D. Ryan. Symbolic bisimulation for the applied pi-calculus. In Foundations of Software Technology and Theoretical Computer Science (FSTTCS'07), volume 4855 of LNCS, pages 133--145, 2007.Google ScholarGoogle Scholar
  25. H. Hüttel. Deciding framed bisimilarity. In Proc. INFINITY'02, 2002.Google ScholarGoogle ScholarCross RefCross Ref
  26. R. Janvier, Y. Lakhnech, and L. Mazaré. Completing the picture: Soundness of formal encryption in the presence of active adversaries. In European Symposium on Programming (ESOP'05), volume 3444 of LNCS, pages 172--185. Springer, 2005.Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. A. Juels, M. Luby, and R. Ostrovsky. Security of blind digital signatures. In advances in cryptology, (CRYPTO-97), volume 1294 of LNCS, pages 150--164, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. S. Kremer and L. Mazaré. Adaptive soundness of static equivalence. In European Symposium on Research in Computer Security (ESORICS'07), volume 4734 of LNCS, pages 610--625, 2007.Google ScholarGoogle ScholarCross RefCross Ref
  29. R. Küsters and M. Tuengerthal. Joint state theorems for public-key encryption and digital signature functionalities with local computations. In Computer Security Foundations (CSF'08), 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. P. Laud. Symmetric encryption in automatic analyses for confidentiality against active adversaries. In Symp. on Security and Privacy (SSP'04), pages 71--85, 2004.Google ScholarGoogle Scholar
  31. D. Micciancio and B. Warinschi. Completeness theorems for the Abadi-Rogaway language of encrypted expressions. Journal of Computer Security, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. D. Micciancio and B. Warinschi. Soundness of formal encryption in presence of an active attacker. In Theory of Cryptography Conference (TCC'04), volume 2951 of LNCS, 2004.Google ScholarGoogle ScholarCross RefCross Ref
  33. J. Mitchell, A. Ramanathan, and V. Teague. A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theoretical Comput. Sci., 353:118--164, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Computational soundness of observational equivalence

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      Get this Publication

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      View Table of Contents
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!