Computationally sound analysis of protocols using bilinear pairings

Kremer, Steve; Mazaré, Laurent

doi:10.3233/jcs-2009-0388

Cited by 11 publications

(6 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the same vein than [28], Mazaré [76,89] presents an extension the AbadiRogaway logic with a bilinear pairing operation. Their soundness result assumes the hardness of the bilinear decisional Diffie-Hellman problem and an IND-CPA encryption scheme.…”

Section: Modular Exponentiationmentioning

confidence: 99%

“…Since the ideal system is secure by construction it follows that no attack is possible against the real system. The desired connection between symbolic and computational models can therefore be obtained by showing a simulatability relation between an idealized, symbolic cryptographic system and a real, cryptographic implementation of such a Table 1 Summary of the results of symbolic methods for computational security proofs Security proof in symbolic models implies proof in computational ones Passive adversary Active adversary Soundness of pattern equivalence Soundness of trace-based properties -Symmetric encryption [8] -Public key encryption [95] -Completeness result [71,93,94] -with signatures [55,72] -Public key encryption [69,70] -with hash functions [53,73] -Symmetric encryption with composed -Non-malleable commitment [62] keys [84] -Zero-knowledge proofs [46] -Handling key cycles [1,79] Soundness of indistinguishability-based properties -Key dependent message [20] -Nonce indistinguishability for public key -Information-theoretic security [2] encryption and signatures [55] -Hash functions [67] and -Nonce indistinguishability for public key completeness [68] encryption and hash [53,72] -Modular exponentiation [28] and -Soundness of observational equivalence bilinear pairings [76,89] for symmetric encryption [54] -Offline guessing attacks [3] A universally composable cryptographic library -Cryptographically controlled access -Public key encryption and signatures [40] to XML [11,12] -M A C s [ 41] -Adaptive adversary [75] -Symmetric encryption [34] Soundness of static equivalence -Nonce indistinguishabil...…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

2010

Self Cite

View full text Add to dashboard Cite

Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers with respect to the more detailed computational models have been quite unclear. For more than 20 years the two approaches have coexisted but evolved mostly independently. Recently, significant research efforts attempt to develop paradigms for cryptographic systems analysis that combines the best of both worlds. There are two broad directions that have been followed. Computational soundness aims to establish sufficient conditions under which results obtained using symbolic models imply security under computational models. The direct approach aims to apply the principles and the techniques developed in the context of symbolic models directly to computational ones. In this paper we survey existing results along both of these directions. Our goal is to provide a rather complete summary that could act as a quick reference for researchers who V. Cortier (

show abstract

Section: Modular Exponentiationmentioning

confidence: 99%

mentioning

confidence: 99%

A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

2010

Self Cite

View full text Add to dashboard Cite

show abstract

“…Kremer and Mazaré propose in [29] a manual symbolic analysis method for secrecy with respect to a passive adversary that is computationally sound. They extend Bellare-Rogaway's soundness results to bilinear pairing.…”

Section: Related Workmentioning

confidence: 99%

Automated Verification of Group Key Agreement Protocols

Schmidt

Sasse

Cremers

et al. 2014

2014 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-We advance the state-of-the-art in automated symbolic cryptographic protocol analysis by providing the first algorithm that can handle Diffie-Hellman exponentiation, bilinear pairing, and AC-operators. Our support for AC-operators enables protocol specifications to use multisets, natural numbers, and finite maps. We implement the algorithm in the TAMARIN prover and provide the first symbolic correctness proofs for group key agreement protocols that use Diffie-Hellman or bilinear pairing, loops, and recursion, while at the same time supporting advanced security properties, such as perfect forward secrecy and eCK-security. We automatically verify a set of protocols, including the STR, group Joux, and GDH protocols, thereby demonstrating the effectiveness of our approach.

show abstract

“…Meadows and Pavlovic adopt an axiomatic approach, which leads to a flexible and suggestive method, but does not elucidate the message structures [38]. Many papers also use linear algebra as we do, such as Pereira and Quisquater's generic insecurity for AGDH [39] and Kremer and Mazaré on protocols using bilinear pairings [27].…”

Section: Introductionmentioning

confidence: 99%

Decidability for Lightweight Diffie-Hellman Protocols

Dougherty

Guttman

2014

2014 IEEE 27th Computer Security Foundations Symposium

View full text Add to dashboard Cite

Many protocols use Diffie-Hellman key agreement, combined with certified long-term values or digital signatures for authentication. These protocols aim at security goals such as key secrecy, forward secrecy, resistance to key compromise attacks, and various flavors of authentication. However, these protocols are challenging to analyze, both in computational and symbolic models. An obstacle in the symbolic model is the undecidability of unification in many theories in the signature of rings. In this paper, we develop an algebraic version of the symbolic approach, working directly within finite fields, the natural structures for the protocols. The adversary, in giving an attack on a protocol goal in a finite field, may rely on any identity in that field. He defeats the protocol if there are attacks in infinitely many finite fields. We prove that, even for this strong adversary, security goals for a wide class of protocols are decidable.

show abstract

Computationally sound analysis of protocols using bilinear pairings

Cited by 11 publications

References 40 publications

A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

Automated Verification of Group Key Agreement Protocols

Decidability for Lightweight Diffie-Hellman Protocols

Contact Info

Product

Resources

About