Inductive trace properties for computational security

Datta, Anupam; Derek, Ante; Mitchell, John C.

doi:10.3233/jcs-2009-389

Cited by 8 publications

(8 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, these systems reason about constructions described in mathematical vernacular, and are thus not readily amenable to automation. Similar formalisms exist for cryptographic protocols [28], but these are not automated either.…”

Section: Related Workmentioning

confidence: 92%

Fully automated analysis of padding-based encryption in the computational model

Barthe

Crespo

Grégoire

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

International audienceComputer-aided verification provides effective means of analyzing the security of cryptographic primitives. However, it has remained a challenge to achieve fully automated analyses yielding guarantees that hold against computational (rather than symbolic) attacks. This paper meets this challenge for public-key encryption schemes built from trapdoor permutations and hash functions. Using a novel combination of techniques from computational and symbolic cryptography, we present proof systems for analyzing the chosen-plaintext and chosen-ciphertext security of such schemes in the random oracle model. Building on these proof systems, we develop a toolset that bundles together fully automated proof and attack finding algorithms. We use this toolset to build a comprehensive database of encryption schemes that records attacks against insecure schemes, and proofs with concrete bounds for secure ones

show abstract

Section: Related Workmentioning

confidence: 92%

Fully automated analysis of padding-based encryption in the computational model

Barthe

Crespo

Grégoire

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

show abstract

“…The comments in Section 4.2 apply only to the extensions found in [20,21]. Our comments here do not cover the recent extensions to basic PCL for the analysis of secrecy, as found in [24], nor the computational variants of PCL, as found in e.g. [15].…”

Section: Introductionmentioning

confidence: 95%

On the protocol composition logic PCL

Cremers

2008

Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

A recent development in formal security protocol analysis is the Protocol Composition Logic (PCL). We identify a number of problems with this logic as well as with extensions of the logic, as defined in [9,13,14,17,20,21]. The identified problems imply strong restrictions on the scope of PCL, and imply that some currently claimed PCL proofs cannot be proven within the logic, or make use of unsound axioms. Where possible, we propose solutions for these problems.

show abstract

“…But computational soundness for this primitive has only been considered in a few works. In [24,19,35,36], results for protocols based on Diffie-Hellman exponentiation are given for the computational protocol composition logic. Herzog presents in [25] an abstract model for Diffie-Hellman key exchange protocols; however in this work the abstract model is very different from classical Dolev-Yao models for modular exponentiation [16] as the adversary is extended with the capability of applying arbitrary polynomial time functions.…”

Section: Introductionmentioning

confidence: 99%

Computationally sound analysis of protocols using bilinear pairings

Kremer

Mazaré²

2010

JCS

View full text Add to dashboard Cite

In this paper, we introduce a symbolic model to analyse protocols that use a bilinear pairing between two cyclic groups. This model consists in an extension of the Abadi-Rogaway logic and we prove that the logic is still computationally sound: symbolic indistinguishability implies computational indistinguishability provided that the Bilinear Decisional DiffieHellman assumption holds and that the encryption scheme is IND-CPA secure. We illustrate our results on classical protocols using bilinear pairing like Joux tripartite Diffie-Hellman protocol or the TAK-2 and TAK-3 protocols. We also investigate the security of a newly designed variant of the Burmester-Desmedt protocol using bilinear pairings. More precisely, we show for each of these protocols that the generated key is indistinguishable from a random element.

show abstract

Inductive trace properties for computational security

Cited by 8 publications

References 49 publications

Fully automated analysis of padding-based encryption in the computational model

Fully automated analysis of padding-based encryption in the computational model

On the protocol composition logic PCL

Computationally sound analysis of protocols using bilinear pairings

Contact Info

Product

Resources

About