A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols

Authors:
John C. Mitchell;Ajith Ramanathan;Andre Scedrov;Vanessa Teague
Affiliations:
Department of Computer Science, Stanford University, Stanford, CA;Department of Computer Science, Stanford University, Stanford, CA;Department of Mathematics, University of Pennsylvania, Philadelphia, PA;Department of Computer Science, Stanford University, Stanford, CA
Venue:
Theoretical Computer Science
Year:
2006

Citing 42
Cited 30

The notion of security for probabilistic cryptosystems

SIAM Journal on Computing - Special issue on cryptography
A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Non-malleable cryptography

STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Bisimulation through probabilistic testing

Information and Computation
Predictive recursion and computational complexity

Predictive recursion and computational complexity
Reactive, generative, and stratified models of probabilistic processes

Information and Computation
A tutorial on EMPA: a theory of concurrent processes with nondeterminism, priorities, probabilities and time

Theoretical Computer Science
A probabilistic poly-time framework for protocol analysis

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
An attack on a recursive authentication protocol. A cautionary tale

Information Processing Letters
A calculus for cryptographic protocols

Information and Computation
Composition and integrity preservation of secure reactive systems

Proceedings of the 7th ACM conference on Computer and communications security
Using encryption for authentication in large networks of computers

Communications of the ACM
Mobile values, new names, and secure communication

POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Foundations of Cryptography: Basic Tools

Foundations of Cryptography: Basic Tools
Communication and Concurrency

Communication and Concurrency
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Modern Cryptography, Probabilistic Proofs, and Pseudorandomness

Modern Cryptography, Probabilistic Proofs, and Pseudorandomness
Algorithms and Theory of Computation Handbook

Algorithms and Theory of Computation Handbook
Time and Probability in Formal Design of Distributed Systems

Time and Probability in Formal Design of Distributed Systems
Pseudorandomness and Cryptographic Applications

Pseudorandomness and Cryptographic Applications
A Bisimulation Method for Cryptographic Protocols

ESOP '98 Proceedings of the 7th European Symposium on Programming: Programming Languages and Systems
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Temporal Logics for the Specification of Performance and Reliability

STACS '97 Proceedings of the 14th Annual Symposium on Theoretical Aspects of Computer Science
Analyzing the Needham-Schroeder Public-Key Protocol: A Comparison of Two Approaches

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On the Security of ElGamal Based Encryption

PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The Decision Diffie-Hellman Problem

ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Bisimulation for labelled Markov processes

Information and Computation - Special issue: LICS'97
Quantitative Analysis and Model Checking

LICS '97 Proceedings of the 12th Annual IEEE Symposium on Logic in Computer Science
Approximating Labeled Markov Processes

LICS '00 Proceedings of the 15th Annual IEEE Symposium on Logic in Computer Science
Modelling and verifying key-exchange protocols using CSP and FDR

CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Mechanized proofs for a recursive authentication protocol

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Proving Properties of Security Protocols by Induction

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A Meta-Notation for Protocol Analysis

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
A Linguistic Characterization of Bounded Oracle Computation and Probabilistic Polynomial Time

FOCS '98 Proceedings of the 39th Annual Symposium on Foundations of Computer Science
A Compositional Logic for Protocol Correctness

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Universally Composable Security: A New Paradigm for Cryptographic Protocols

FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Security Properties and CSP

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Automated analysis of cryptographic protocols using Mur/spl phi/

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications

ACM SIGACT news distributed computing column 24

ACM SIGACT News
A Probabilistic Scheduler for the Analysis of Cryptographic Protocols

Electronic Notes in Theoretical Computer Science (ENTCS)
Computationally sound mechanized proofs for basic and public-key Kerberos

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Secrecy in Multiagent Systems

ACM Transactions on Information and System Security (TISSEC)
Modeling Computational Security in Long-Lived Systems

CONCUR '08 Proceedings of the 19th international conference on Concurrency Theory
Computational soundness of observational equivalence

Proceedings of the 15th ACM conference on Computer and communications security
The Computational SLR: A Logic for Reasoning about Computational Indistinguishability

TLCA '09 Proceedings of the 9th International Conference on Typed Lambda Calculi and Applications
Weakening the Dolev-Yao model through probability

Proceedings of the 2nd international conference on Security of information and networks
Soundness and completeness of formal encryption: The cases of key cycles and partial information leakage

Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Sampling from Signed Quadratic Residues: RSA Group Is Pseudofree

INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Approximating a behavioural pseudometric without discount for probabilistic systems

FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
A probabilistic applied pi-calculus

APLAS'07 Proceedings of the 5th Asian conference on Programming languages and systems
A framework for game-based security proofs

ICICS'07 Proceedings of the 9th international conference on Information and communications security
Calibrating the power of schedulers for probabilistic polynomial-time calculus

Journal of Computer Security - Security Issues in Concurrency (SecCo'07)
Conditional automata: a tool for safe removal of negligible events

CONCUR'10 Proceedings of the 21st international conference on Concurrency theory
Inductive trace properties for computational security

Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
The computational slr: A logic for reasoning about computational indistinguishability

Mathematical Structures in Computer Science
Reasoning about probabilistic security using task-PIOAs

ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
A calculus for game-based security proofs

ProvSec'10 Proceedings of the 4th international conference on Provable security
Indifferentiable security reconsidered: role of scheduling

ISC'10 Proceedings of the 13th international conference on Information security
A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems

Journal of Automated Reasoning
Cryptographically sound implementations for communicating processes

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Password-based encryption analyzed

ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Computationally sound, automated proofs for security protocols

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Soundness of formal encryption in the presence of key-cycles

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Computational soundness, co-induction, and encryption cycles

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Automated security proofs with sequences of games

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Computational soundness of coinductive symbolic security under active attacks

TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Towards modelling adaptive attacker's behaviour

FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
Layout Randomization and Nondeterminism

Electronic Notes in Theoretical Computer Science (ENTCS)

Quantified Score

Hi-index	5.23

Visualization

Abstract

We prove properties of a process calculus that is designed for analysing security protocols. Our long-term goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomial-time protocol steps, a specification method based on a compositional form of equivalence, and a logical basis for reasoning about equivalence.The process calculus is a variant of CCS, with bounded replication and probabilistic polynomial-time expressions allowed in messages and boolean tests. To avoid inconsistency between security and nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation of any process expression halts in probabilistic polynomial time and define a form of asymptotic protocol equivalence that allows security properties to be expressed using observational equivalence, a standard relation from programming language theory that involves quantifying over all possible environments that might interact with the protocol.We develop a form of probabilistic bisimulation and use it to establish the soundness of an equational proof system based on observational equivalences. The proof system is illustrated by a formation derivation of the assertion, well-known in cryptography, that El Gamal encryption's semantic security is equivalent to the (computational) Decision Diffie-Hellman assumption. This example demonstrates the power of probabilistic bisimulation and equational reasoning for protocol security.