Adaptive Security of Symbolic Encryption

We prove a computational soundness theorem for the symbolic analysis of cryptographic protocols which extends an analogous theorem of Abadi and Rogaway (J. of Cryptology 15(2):103–127, 2002) to a scenario where the adversary gets to see the encryption of a sequence of adaptively chosen symbolic expressions. The extension of the theorem of Abadi and Rogaway to such an adaptive scenario is nontrivial, and raises issues related to the classic problem of selective decommitment, which do not appear in the original formulation of the theorem. Although the theorem of Abadi and Rogaway applies only to passive adversaries, our extension to adaptive attacks makes it substantially stronger, and powerful enough to analyze the security of cryptographic protocols of practical interest. We exemplify the use of our soundness theorem in the analysis of group key distribution protocols like those that arise in multicast and broadcast applications. Specifically, we provide cryptographic definitions of security for multicast key distribution protocols in both the symbolic and the computational frameworks, and use our theorem to prove soundness of the symbolic definition.
