Abstract
The task-structured probabilistic I/O automata (task-PIOA) framework provides a method to formulate and to prove the computationally bounded security of non-sequential processing systems in a formal way. Formalizing non-sequential processes for strong adversaries is not easy. Actually, existing security analyses using the task-PIOA framework are for cryptographic protocols (e.g., the EGL oblivious transfer) only against simple adversaries (e.g., honest but curious adversary). For example, there is no case study for digital signature against strong active adversaries (i.e., EUF-CMA) in the task-PIOA framework. In this paper, we propose the first formalization of digital signature against EUF-CMA in the task-PIOA framework. To formalize the non-sequential process of EUF-CMA, we introduce a new technique for the iteration of an identical action in a single session. Using the task-PIOA framework allows us to verify security of signature schemes in the non-sequential scheduling manner. We show the validity and usefulness of our formulation by giving a formal security analysis of the FDH signature scheme. In order to prove the security, we also introduce a method to utilize the power of random oracles. As far as we know, this work is the first case study to clarify usefulness of random oracles in this framework.
Similar content being viewed by others
Notes
Though Funct is defined with a parameter Tdp, we can essentially parameterize it with arbitrary and universal verification key space. In this paper, for the security proof in Sect. 4, we show the code by replacing universal verification key space to Tdp concretely.
References
Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). IFIP TCS 2000, 3–22 (2000)
Araragi, T., Pereira, O.: Automatic verification of simulatability in security protocols. IAS 2008, 275–280 (2008)
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. ACM Conf. Comput. Commun. Secur. 1993, 62–73 (1993)
Blanchet, B., Pointcheval, D.: Automated security proofs with sequences of games. CRYPTO 2006, 537–554 (2006)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136–145 (2001). Full version is at http://eprint.iacr.org/2000/067
Canetti, R.: Universally composable signature, certification, and authentication. CSFW 2004, 219–233 (2004)
Canetti, R., Cheung, L., Kaynar, D.K., Liskov, M., Lynch, N.A., Pereira, O., Segala, R.: Using Task-Structured Probabilistic I/O Automata to Analyze an Oblivious Transfer Protocol. Tech. rep., MIT CSAIL-TR-2007-011 (2007)
Canetti, R., Cheung, L., Kaynar, D.K., Liskov, M., Lynch, N.A., Pereira, O., Segala, R.: Analyzing security protocols using time-bounded task-PIOAs. Discret. Event Dyn. Syst. 18(1), 111–159 (2008)
Canetti, R., Cheung, L., Lynch, N.A., Pereira, O.: On the role of scheduling in simulation-based security. WITS 2007, 22–37 (2007)
Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). STOC 1998, 209–218 (1998)
Canetti, R., Herzog, J.: Universally composable symbolic analysis of mutual authentication and key-exchange protocols. TCC 2006, 380–403 (2006)
Cheung, L., Mitra, S., Pereira, O.: Verifying statistical zero knowledge with approximate implementations. In: Cryptology ePrint Archive 2007/195 (2007)
Corin, R., den Hartog, J.: A probabilistic Hoare-style logic for game-based cryptographic proofs. ICALP 2006, 252–263 (2006)
Cortier, V., Warinschi, B.: Computationally sound, automated proofs for security protocols. ESOP 2005, 157–171 (2005)
Datta, A., Küsters, R., Mitchell, J.C., Ramanathan, A.: On the relationships between notions of simulation-based security. J. Cryptol. 21(4), 492–546 (2008)
Datta, A., Küsters, R., Mitchell, J.C., Ramanathan, A., Shmatikov, V.: Unifying equivalence-based definitions of protocol security. In: WITS 2004 (2004)
Dolev, D., Yao, A.C.C.: On the security of public key protocols. FOCS 1981, 350–357 (1981)
Jaggard, A.D., Meadows, C., Mislove, M.W., Segala, R.: Reasoning about probabilistic security using task-PIOAs. ARSPA-WITS 2010, 2–22 (2010)
Micciancio, D., Warinschi, B.: Soundness of formal encryption in the presence of active adversaries. TCC 2004, 133–151 (2004)
Mitchell, J.C., Ramanathan, A., Scedrov, A., Teague, V.: A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theor. Comput. Sci. 353, 118–164 (2006)
Yoneyama, K.: Indifferentiable security reconsidered: role of scheduling. ISC 2010, 430–444 (2010)
Yoneyama, K.: Formal modeling of random oracle programmability and verification of signature unforgeability using task-PIOAs. In: ICISC 2014 (2014)
Yoneyama, K., Kokubun, Y., Ohta, K.: A security analysis on Diffie-Hellman key exchange against adaptive adversaries using task-structured PIOA. FCS-ARSPA 2007, 131–148 (2007)
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
This paper does not receive any funding because the work is done as a business at my company.
Human and animal rights
This paper does not involve any human participants and animals.
Informed consent
Any informed consent is not necessary for this paper because it does not involve any human participants and animals.
Additional information
This paper is the full version of the extended abstract appeared in [22].
This paper follows ethical rules of the journal as follows: Originality: This paper extends our earlier conference paper [22]. The earlier paper gives an idea of formalizing random oracle programmability and a security proof of the FDH signature using task-PIOAs. However, it does not contain any concrete formalization or the proof. This submission provides a significantly new work: concrete codes for all task-PIOAs and the security proof of the FDH signature using task-PIOAs.
Rights and permissions
About this article
Cite this article
Yoneyama, K. Formal modeling of random oracle programmability and verification of signature unforgeability using task-PIOAs. Int. J. Inf. Secur. 17, 43–66 (2018). https://doi.org/10.1007/s10207-016-0352-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-016-0352-y