Computational soundness of formal adversaries

The Dolev-Yao model is a useful and widespread framework in which to analyze security protocols. However, it models the messages of the protocol at a very high level and makes extremely strong assumptions about the power of the adversary. The computational model of cryptography and cryptographic protocols takes a much more low-level view of messages and uses much weaker assumptions. A major result of this work will be the demonstration that certain kinds of computational cryptography can result in an equivalence of sorts between the formal and computational adversary. Specifically, we give an interpretation to the messages of the Dolev-Yao model in terms of computational cryptography. We then define a computational security condition on the powers of the computational adversary, and show that this condition limits the computational adversary to the operations of the Dolev-Yao adversary. Lastly, we show that this security condition is achievable using standard computational cryptographic constructs.

[1]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[2]  Silvio Micali,et al.  The Notion of Security for Probabilistic Cryptosystems , 1986, CRYPTO.

[3]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[4]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[5]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .

[6]  Daniel Bleichenbacher,et al.  Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.

[7]  Tiziana Margaria,et al.  Tools and algorithms for the construction and analysis of systems: a special issue for TACAS 2017 , 2001, International Journal on Software Tools for Technology Transfer.

[8]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[9]  James Manger,et al.  A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 , 2001, CRYPTO.

[10]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2001, Journal of Cryptology.

[11]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[12]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[13]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .

[14]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[15]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[16]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[17]  Joshua D. Guttman,et al.  The faithfulness of abstract protocol analysis , 2001, CCS 2001.

[18]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.