ABSTRACT
Recent advances in the automated analysis of cryptographic protocols have aroused new interest in the practical application of unification modulo theories, especially theories that describe the algebraic properties of cryptosystems. However, this application requires unification algorithms that can be easily implemented and easily extended to combinations of different theories of interest. In practice this has meant that most tools use a version of a technique known as variant unification. This requires, among other things, that the theory be decomposable into a set of axioms B and a set of rewrite rules R such that R has the finite variant property with respect to B. Most theories that arise in cryptographic protocols have decompositions suitable for variant unification, but there is one major exception: the theory that describes encryption that is homomorphic over an Abelian group.
In this paper we address this problem by studying various approximations of homomorphic encryption over an Abelian group. We construct a hierarchy of increasingly rich theories, taking advantage of new results that allow us to automatically verify that their decompositions have the finite variant property. This new verification procedure also allows us to construct a rough metric of the complexity of a theory with respect to variant unification, or variant complexity. We specify different versions of protocols using the different theories, and analyze them in the Maude-NPA cryptographic protocol analysis tool to assess their behavior. This gives us a greater understanding of how the theories behave in actual application, and suggests possible techniques for improving performance.
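The obstacle the abstract describes can be seen on the homomorphism axiom alone: oriented as a rewrite rule, it narrows the single term e(X, k) into an unbounded chain of variants, none an instance of a shallower one. The Python below is an added illustration, not code from the paper or from Maude-NPA; it assumes the usual encoding e(x * y, k) -> e(x, k) * e(y, k) with * the group operation, and works syntactically (ignoring AC), which already suffices to exhibit the infinite chain.

```python
# Added illustration (not from the paper): narrowing e(X, k) with the rule
# e(x * y, k) -> e(x, k) * e(y, k) gives an infinite chain of pairwise
# incomparable variants, so this R/B decomposition lacks the finite variant property.
# Terms are tuples, ('V', name) a variable, ('k',) the key; narrowing and
# matching are syntactic (AC of * ignored); the chain stays incomparable modulo AC.
from itertools import count
_fresh = count(1)
def fresh(): return ('V', f"x{next(_fresh)}")
def is_var(t): return t[0] == 'V'
def free_vars(t): return {t[1]} if is_var(t) else set().union(*map(free_vars, t[1:]))
def subst(t, s):  # apply substitution s (var name -> term) to t
    return s.get(t[1], t) if is_var(t) else (t[0],) + tuple(subst(a, s) for a in t[1:])

def narrow_once(t):
    """Narrow the leftmost redex e(V, k), V a variable; returns (term, subst) or None."""
    if t[0] == 'e' and is_var(t[1]):
        x, y = fresh(), fresh()
        return ('*', ('e', x, t[2]), ('e', y, t[2])), {t[1][1]: ('*', x, y)}
    if t[0] == '*':
        for i in (1, 2):
            if r := narrow_once(t[i]):
                new = list(t); new[i] = r[0]
                return subst(tuple(new), r[1]), r[1]
    return None

def variants(t, steps):
    """Chain of variants (irreducible term, substitution on vars of t), 0..steps deep."""
    s_acc = {v: ('V', v) for v in free_vars(t)}
    out = [(t, s_acc)]
    for _ in range(steps):
        t, s = narrow_once(t)  # always succeeds for e(X, k): a fresh e(V, k) redex remains
        s_acc = {v: subst(u, s) for v, u in s_acc.items()}
        out.append((t, s_acc))
    return out

def match(pat, t, s):
    """Syntactic matching: extend s so that pat s == t, or return None."""
    if is_var(pat):
        return s if s.setdefault(pat[1], t) == t else None
    if pat[0] != t[0] or len(pat) != len(t): return None
    for p, a in zip(pat[1:], t[1:]):
        if (s := match(p, a, s)) is None: return None
    return s

def is_instance(shallow, deep):  # one rho maps shallow's term and substitution onto deep's
    pack = lambda tv: ('&', tv[0]) + tuple(tv[1][v] for v in sorted(tv[1]))
    return match(pack(shallow), pack(deep), {}) is not None
def chain_incomparable(steps):  # True iff no variant of e(X, k) subsumes a deeper one
    vs = variants(('e', ('V', 'X'), ('k',)), steps)
    return all(not is_instance(vs[i], vs[j]) for i in range(len(vs)) for j in range(i + 1, len(vs)))
```

Each narrowing step adds one more encrypted factor, and `chain_incomparable(n)` stays true for every n, which is exactly what rules out a finite set of most general variants.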
Index Terms: Theories of Homomorphic Encryption, Unification, and the Finite Variant Property