论文信息 - A tool for automating the computationally complete symbolic attacker (Extended Abstract)

A tool for automating the computationally complete symbolic attacker (Extended Abstract)

The design of automated security proofs is a topic extensively studied for over 20 years. One problem that was raised about 12 years ago is the validity (or the scope) of such proofs. Symbolic models are quite far from the implementation. In contrast, modern cryptography typically considers more powerful attackers. This includes of course some computations that are not explicitly specified. This issue has been first addressed by M. Abadi and P. Rogaway [1], followed by many authors. The idea is to prove that the symbolic formal model is sound with respect to the more concrete computational model: if there is no attack in the symbolic model, then there is no attack in the computational model. There are several such soundness proofs, for various primitives and in various contexts (see e.g. [10], [2], [9] to cite only a few). However, all these results require heavy proofs and assume strong hypotheses, some of which are not quite realistic. Typical examples of unrealistic assumptions include: a key cycle is never created, or the attacker does use the key generation algorithm to build his own keys.

Véronique Cortier | Hubert Comon-Lundh | Guillaume Scerri

[1] Colin Boyd,et al. Protocols for Authentication and Key Establishment , 2003, Information Security and Cryptography.

[2] Hubert Comon-Lundh,et al. Towards Unconditional Soundness: Computationally Complete Symbolic Attacker , 2012, POST.

[3] Véronique Cortier,et al. Tractable Inference Systems: An Extension with a Deducibility Predicate , 2013, CADE.

[4] Bogdan Warinschi,et al. Soundness of Formal Encryption in the Presence of Active Adversaries , 2004, TCC.

[5] John C. Mitchell,et al. Computationally sound compositional logic for key exchange protocols , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[6] Birgit Pfitzmann,et al. Symmetric encryption in a simulatable Dolev-Yao style cryptographic library , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[7] Benjamin Grégoire,et al. Computer-Aided Security Proofs for the Working Cryptographer , 2011, CRYPTO.

[8] P. Cogn,et al. A Computationally Sound Mechanized Prover for Security Protocols , 2009 .

[9] Hideki Sakurada,et al. Computationally Complete Symbolic Attacker in Action , 2012, FSTTCS.

[10] Martín Abadi,et al. Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2001, Journal of Cryptology.