Secrecy types for a simulatable cryptographic library
Proceedings of the 12th ACM conference on Computer and communications security
Towards computationally sound symbolic analysis of key exchange protocols
Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Secure information flow with random assignment and encryption
Proceedings of the fourth ACM workshop on Formal methods in security
Computational soundness of observational equivalence
Proceedings of the 15th ACM conference on Computer and communications security
Threshold Homomorphic Encryption in the Universally Composable Cryptographic Library
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Verification of Security Protocols
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Cryptographic Protocol Composition via the Authentication Tests
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
CoSP: a general framework for computational soundness proofs
Proceedings of the 16th ACM conference on Computer and communications security
Real-or-random Key Secrecy of the Otway-Rees Protocol via a Symbolic Security Proof
Electronic Notes in Theoretical Computer Science (ENTCS)
Formal proofs of cryptographic security of Diffie-Hellman-based protocols
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Adversaries and information leaks (Tutorial)
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Inductive trace properties for computational security
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Computational soundness of symbolic zero-knowledge proofs
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Multi-Attacker Protocol Validation
Journal of Automated Reasoning
Computationally sound symbolic secrecy in the presence of hash functions
FSTTCS'06 Proceedings of the 26th international conference on Foundations of Software Technology and Theoretical Computer Science
Justifying a dolev-yao model under active attacks
Foundations of Security Analysis and Design III
Cryptographically sound security proofs for basic and public-key kerberos
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Automated security proofs with sequences of games
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Computational secrecy by typing for the pi calculus
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Inductive proofs of computational secrecy
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire considered object into its knowledge set. Cryptographic secrecy essentially means computational indistinguishability between the real object and a random one, given the view of a much more general adversary. In spite of recent advances in linking symbolic and computational models of cryptography, no relation for secrecy under active attacks is known yet. For exchanged keys, we show that a certain strict symbolic secrecy definition over a specific Dolev-Yao-style cryptographic library implies cryptographic key secrecy for a real implementation of this cryptographic library. For payload messages, we present the first general cryptographic secrecy definition for a reactive scenario. The main challenge is to separate secrecy violations by the protocol under consideration from secrecy violations by the protocol users in a general way. For this definition we show a general secrecy preservation theorem under reactive simulatability, the cryptographic notion of secure implementation. This theorem is of independent cryptographic interest. We then show that symbolic secrecy implies cryptographic payload secrecy for the same cryptographic library as used in key secrecy. Our results thus enable existing formal proof techniques to establish cryptographically sound proofs of secrecy for payload messages and exchanged keys.