State Separation for Code-Based Game-Playing Proofs

The security analysis of real-world protocols involves reduction steps that are conceptually simple but still have to account for many protocol complications found in standards and implementations. Taking inspiration from universal composability, abstract cryptography, process algebras, and type-based verification frameworks, we propose a method to simplify large reductions, avoid mistakes in carrying them out, and obtain concise security statements.
