DOI: 10.1145/2643135.2643154

Theories of Homomorphic Encryption, Unification, and the Finite Variant Property

Published: 08 September 2014

ABSTRACT

Recent advances in the automated analysis of cryptographic protocols have aroused new interest in the practical application of unification modulo theories, especially theories that describe the algebraic properties of cryptosystems. However, this application requires unification algorithms that can be easily implemented and easily extended to combinations of different theories of interest. In practice this has meant that most tools use a version of a technique known as variant unification. This requires, among other things, that the theory be decomposable into a set of axioms B and a set of rewrite rules R such that R has the finite variant property with respect to B. Most theories that arise in cryptographic protocols have decompositions suitable for variant unification, but there is one major exception: the theory that describes encryption that is homomorphic over an Abelian group.

In this paper we address this problem by studying various approximations of homomorphic encryption over an Abelian group. We construct a hierarchy of increasingly richer theories, taking advantage of new results that allow us to automatically verify that their decompositions have the finite variant property. This new verification procedure also allows us to construct a rough metric of the complexity of a theory with respect to variant unification, or variant complexity. We specify different versions of protocols using the different theories, and analyze them in the Maude-NPA cryptographic protocol analysis tool to assess their behavior. This gives us greater understanding of how the theories behave in actual application, and suggests possible techniques for improving performance.


Published in

PPDP '14: Proceedings of the 16th International Symposium on Principles and Practice of Declarative Programming
September 2014
288 pages
ISBN: 9781450329477
DOI: 10.1145/2643135

Copyright © 2014 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Qualifiers

• tutorial
• Research
• Refereed limited

Acceptance Rates

PPDP '14 paper acceptance rate: 22 of 43 submissions (51%). Overall acceptance rate: 230 of 486 submissions (47%).
