Abstract
In the investigation of the relationship between the formal and the computational view of cryptography, a recent approach, first proposed in [10], uses static equivalence from cryptographic pi calculi as a notion of formal indistinguishability. Previous work [10,1] has shown that this yields the soundness of natural interpretations of some interesting equational theories, such as certain cryptographic operations and a theory of XOR. In this paper, however, we argue that static equivalence is too coarse to allow sound interpretations of many natural and useful equational theories. We illustrate this with several explicit examples in which static equivalence fails to work. To fix the problem, we propose a notion of formal indistinguishability that is more flexible than static equivalence. We provide a general framework along with general theorems, and then discuss how this new notion works for the explicit examples where static equivalence fails to ensure soundness.
References
Abadi, M., Baudet, M., Warinschi, B.: Guessing attacks and the computational soundness of static equivalence. In: Aceto, L., Ingólfsdóttir, A. (eds.) FOSSACS 2006 and ETAPS 2006. LNCS, vol. 3921, pp. 398–412. Springer, Heidelberg (2006)
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL 2001. Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 104–115. ACM Press, New York (2001)
Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The Spi Calculus. Information and Computation, 148(1), 1–70 (1999)
Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology 15(2), 103–127 (2002)
Adão, P., Bana, G., Herzog, J., Scedrov, A.: Soundness of formal encryption in the presence of key-cycles. In: di Vimercati, S.D.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 12–14. Springer, Heidelberg (2005)
Adão, P., Bana, G., Scedrov, A.: Computational and information-theoretic soundness and completeness of formal encryption. In: CSFW. Proceedings of the 18th IEEE Computer Security Foundations Workshop, pp. 170–184. IEEE Computer Society Press, Los Alamitos (2005)
Backes, M., Pfitzmann, B.: Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop, vol. 59, pp. 204–218. IEEE Computer Society Press, Los Alamitos (2004)
Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) CCS. Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 27–30. ACM Press, New York (2003)
Bana, G., Mohassel, P., Stegers, T.: Computational soundness of formal indistinguishability and static equivalence. Cryptology ePrint Archive, Report 2006/323, 2006, http://eprint.iacr.org/
Baudet, M., Cortier, V., Kremer, S.: Computationally sound implementations of equational theories against passive adversaries. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 652–663. Springer, Heidelberg (2005)
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS. 42nd IEEE Symposium on Foundations of Computer Science, October 14–17 2001, pp. 136–145. IEEE Computer Society Press, Los Alamitos (2001)
Canetti, R., Herzog, J.: Universally composable symbolic analysis of mutual authentication and key exchange protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, Springer, Heidelberg (2006)
Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 23–27. Springer, Heidelberg (1998)
Datta, A., Derek, A., Mitchell, J.C., Shmatikov, V., Turuani, M.: Probabilistic polynomial-time semantics for a protocol security logic. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 11–15. Springer, Heidelberg (2005)
Dolev, D., Yao, A.C.: On the security of public-key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and Systems Sciences 28(2), 270–299 (1982)
Guttman, J.D., Thayer, F.J., Zuck, L.D.: The faithfulness of abstract protocol analysis: Message authentication. In: Samarati, P. (ed.) CCS. Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 186–195. ACM Press, New York (2001)
Laud, P.: Encryption cycles and two views of cryptography. In (NORDSEC). Proceedings of the 7th Nordic Workshop on Secure IT Systems, Karlstad, Sweden, vol. 31, Karlstad University Studies (November 7–8 2002)
Laud, P.: Symmetric encryption in automatic analyses for confidentiality against active adversaries. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, May 9–12 2004, pp. 9–12. IEEE Computer Society Press, Los Alamitos (2004)
Micciancio, D., Warinschi, B.: Completeness theorems for the Abadi-Rogaway logic of encrypted expressions. Journal of Computer Security 12(1), 99–130 (2004)
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bana, G., Mohassel, P., Stegers, T. (2007). Computational Soundness of Formal Indistinguishability and Static Equivalence. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_14
DOI: https://doi.org/10.1007/978-3-540-77505-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77504-1
Online ISBN: 978-3-540-77505-8
eBook Packages: Computer Science, Computer Science (R0)