research-article

Computational soundness of observational equivalence

Authors:
Hubert Comon-Lundh

AIST and ENS Cachan, Tokyo, Japan

AIST and ENS Cachan, Tokyo, Japan
View Profile

,
Véronique Cortier

LORIA, CNRS & INRIA, Nancy, France

LORIA, CNRS & INRIA, Nancy, France
View Profile

CCS '08: Proceedings of the 15th ACM conference on Computer and communications securityOctober 2008Pages 109–118https://doi.org/10.1145/1455770.1455786

Published:27 October 2008Publication History

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

Pages 109–118

ABSTRACT

Many security properties are naturally expressed as indistinguishability between two versions of a protocol. In this paper, we show that computational proofs of indistinguishability can be considerably simplified, for a class of processes that covers most existing protocols. More precisely, we show a soundness theorem, following the line of research launched by Abadi and Rogaway in 2000: computational indistinguishability in presence of an active attacker is implied by the observational equivalence of the corresponding symbolic processes. We prove our result for symmetric encryption, but the same techniques can be applied to other security primitives such as signatures and public-key encryption. The proof requires the introduction of new concepts, which are general and can be reused in other settings.

References

M. Abadi, M. Baudet, and B. Warinschi. Guessing attacks and the computational soundness of static equivalence. In Foundations of Software Science and Computation Structure (FoSSaCS'06), volume 3921 of LNCS, pages 398--412, 2006.Google ScholarDigital Library
M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In Principles of Programming Languages (POPL'01), pages 104--115, 2001. Google ScholarDigital Library
M. Abadi and J. Jürgens. Formal eavesdropping and its computational interpretation. In Theoretical Aspects of Computer Software, LNCS 2215, 2001. Google ScholarDigital Library
M. Abadi and P. Rogaway. Reconciling two views of cryptography: the computational soundness of formal encryption. J. Cryptology, 2007.Google Scholar
M. Abdalla and B. Warinschi. On the minimal assumptions of group signature schemes. In 6th International Conference on Information and Communication Security, pages 1--13, 2004.Google ScholarCross Ref
P. Adao and C. Fournet. Cryptographically sound implementations for communicating processes. In International Colloquium on Algorithms, Languages and Programming (ICALP'06), 2006.Google ScholarDigital Library
M. Backes, M. Dürmuth, and R. Küsters. On simulatability soundness and mapping soundness of symbolic cryptography. In Proc. of 27th FSTTCS, volume 4855 of LNCS, 2007.Google ScholarDigital Library
M. Backes and B. Pfitzmann. Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In Computer Security Foundations Workshop (CSFW'04), 2004. Google ScholarDigital Library
M. Backes and B. Pfitzmann. Relating cryptographic und symbolic key secrecy. In Symp. on Security and Privacy (SSP'05), pages 171--182, 2005. Google ScholarDigital Library
M. Backes, B. Pfitzmann, and M. Waidner. A composable cryptographic library with nested operations. In 10th ACM Concerence on Computer and Communications Security (CCS'03), 2003. Google ScholarDigital Library
M. Backes, B. Pfitzmann, and M. Waidner. The reactive simulatability (RSIM) framework for asynchronous systems. Information and Computation, 205(12):1685--1720, 2007. Google ScholarDigital Library
M. Baudet, V. Cortier, and S. Kremer. Computationally sound implementations of equational theories against passive adversaries. In Proc. ICALP'05, volume 3580 of LNCS, 2005.Google ScholarDigital Library
M. Bellare and C. Namprempre. Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology (ASIACRYPT 2000), volume 1976 of LNCS, pages 531--545, 2000. Google ScholarDigital Library
B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In Computer Security Foundations Workshop (CSFW'01), 2001. Google ScholarDigital Library
B. Blanchet, M. Abadi, and C. Fournet. Automated verification of selected equivalences for security protocols. Journal of Logic and Algebraic Programming, 75(1):3--51, 2008.Google ScholarCross Ref
M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Technical Report 39, Digital Systems Research Center, February 1989.Google Scholar
R. Canetti. Universal composable security: a new paradigm for cryptographic protocols. In Symposium on Foundations of Computer Science, 2001. Google ScholarDigital Library
R. Canetti and J. Herzog. Universally composable symbolic analysis of cryptographic protocols. In Theory of Cryptography Conference (TCC'06), 2006.Google ScholarDigital Library
R. Canetti and T. Rabin. Universal composition with joint state. Cryptology ePrint Archive, report 2002/47, Nov. 2003.Google Scholar
H. Comon-Lundh and V. Cortier. Computational soundness of observational equivalence. Research Report 6508, INRIA, https://hal.inria.fr/inria-00274158, Apr. 2008.Google Scholar
V. Cortier, S. Kremer, R. Küsters, and B. Warinschi. Computationally sound symbolic secrecy in the presence of hash functions. In Proc. FSTTCS, volume 4337 of LNCS, pages 176--187, 2006.Google ScholarDigital Library
V. Cortier and B. Warinschi. Computationally sound, automated proofs for security protocols. In European Symposium on Programming (ESOP'05), volume 3444 of LNCS, pages 157--171, 2005.Google ScholarDigital Library
S. Delaune, S. Kremer, and M. D. Ryan. Coercion-resistance and receipt-freeness in electronic voting. In Computer Security Foundations Workshop (CSFW'06), pages 28--39, 2006. Google ScholarDigital Library
S. Delaune, S. Kremer, and M. D. Ryan. Symbolic bisimulation for the applied pi-calculus. In Foundations of Software Technology and Theoretical Computer Science (FSTTCS'07), volume 4855 of LNCS, pages 133--145, 2007.Google ScholarDigital Library
H. Hüttel. Deciding framed bisimilarity. In Proc. INFINITY'02, 2002.Google ScholarCross Ref
R. Janvier, Y. Lakhnech, and L. Mazaré. Completing the picture: Soundness of formal encryption in the presence of active adversaries. In European Symposium on Programming (ESOP'05), volume 3444 of LNCS, pages 172--185. Springer, 2005.Google ScholarDigital Library
A. Juels, M. Luby, and R. Ostrovsky. Security of blind digital signatures. In advances in cryptology, (CRYPTO-97), volume 1294 of LNCS, pages 150--164, 1997. Google ScholarDigital Library
S. Kremer and L. Mazaré. Adaptive soundness of static equivalence. In European Symposium on Research in Computer Security (ESORICS'07), volume 4734 of LNCS, pages 610--625, 2007.Google ScholarCross Ref
R. Küsters and M. Tuengerthal. Joint state theorems for public-key encryption and digital signature functionalities with local computations. In Computer Security Foundations (CSF'08), 2008. Google ScholarDigital Library
P. Laud. Symmetric encryption in automatic analyses for confidentiality against active adversaries. In Symp. on Security and Privacy (SSP'04), pages 71--85, 2004.Google Scholar
D. Micciancio and B. Warinschi. Completeness theorems for the Abadi-Rogaway language of encrypted expressions. Journal of Computer Security, 2004. Google ScholarDigital Library
D. Micciancio and B. Warinschi. Soundness of formal encryption in presence of an active attacker. In Theory of Cryptography Conference (TCC'04), volume 2951 of LNCS, 2004.Google ScholarCross Ref
J. Mitchell, A. Ramanathan, and V. Teague. A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theoretical Comput. Sci., 353:118--164, 2006. Google ScholarDigital Library

Index Terms

Computational soundness of observational equivalence
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software organization and properties
    1. Software functional properties
      1. Formal methods

Recommendations

The security of a strong proxy signature scheme with proxy signer privacy protection

In 1996, Mambo et al. first introduced the concept of a proxy signature scheme, and discussed the delegation of the signing capability to a proxy signer. In 2001, Lee et al. constructed a strong non-designated proxy signature scheme. In 2002, Shum and ...
Read More
A new signature scheme without random oracles

Digital signature is commonly used for authentication of a user or data. In order to ensure the security of a signature scheme, it is important to design a signature scheme with a security proof. In 1999, Gennaro et al. and Cramer et al. respectively ...
Read More
A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol

We present a cryptographically sound security proof of the well-known Needham-Schroeder-Lowe public-key protocol for entity authentication. This protocol was previously only proved over unfounded abstractions from cryptography. We show that it is secure ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
October 2008
590 pages
ISBN:9781595938107
DOI:10.1145/1455770
General Chair:
Peng Ning
North Carolina State University, USA
,
Program Chairs:
Paul Syverson
Naval Research Laboratory, USA
,
Somesh Jha
University of Wisconsin, USA
Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 27 October 2008
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
concurrency
cryptography
protocols
security
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '08 Paper Acceptance Rate51of280submissions,18%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 59
  Total Citations
  View Citations
- 453
  Total Downloads
- Downloads (Last 12 months)12
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Computational soundness of observational equivalence

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security

ABSTRACT

References

Cited By

Index Terms

Recommendations

The security of a strong proxy signature scheme with proxy signer privacy protection

A new signature scheme without random oracles

A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol