Sound Computational Interpretation of Formal Encryption with Composed Keys

The formal and computational views of cryptography have been related by the seminal work of Abadi and Rogaway. In their work, a formal treatment of encryption that uses atomic keys is justified in the computational world. However, many proposed formal approaches allow the use of composed keys, where any arbitrary expression can be used as encryption key. We consider an extension of the formal model presented by Abadi and Rogaway, in which it is allowed to use composed keys in formal encryption. We then provide a computational interpretation for expressions that allow us to establish the computational soundness of formal encryption with composed keys

Completeness Theorems for the Abadi-Rogaway Language of Encrypted Expressions

We show that the Abadi-Rogaway logic of indistinguishability for cryptographic expressions is not complete by giving a natural example of a secure encryption function and a pair of expressions, such that the distributions associated to the two expressions are computationally indistinguishable, but equality cannot be proved within the logic. We then introduce a new property for encryption schemes, called confusion freeness, and show that the Abadi-Rogaway logic (as well as an extension of it due to Jurjens) is sound and complete, whenever the encryption scheme that is used is confusion free. We prove confusion freeness to be a consequence of a natural security property, that of authenticated encryption. In addition, we consider a refinement of the logic that overcomes certain limitations of the original proposal, allowing for encryption functions that do not hide the length of the message being sent. Both the soundness theorem of Abadi and Rogaway, and our completeness result for authenticated encryption easily extend to this more realistic notion of secrecy

Studies in program obfuscation

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Mathematics, 2010.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student submitted PDF version of thesis.Includes bibliographical references (p. 159-164).Program obfuscation is the software analog to the problem of tamper-proofing hardware. The goal of program obfuscation is to construct a compiler, called an "obfuscator," that garbles the code of a computer program while maintaining its functionality. Commercial products exist to perform this procedure, but they do not provide a rigorous security guarantee. Over the past decade, program obfuscation has been studied by the theoretical cryptography community, where rigorous definitions of security have been proposed and obfuscators have been constructed for some families of programs. This thesis presents three contributions based on the virtual black-box security definition of Barak et al [10]. First, we show tight connections between obfuscation and symmetric-key encryption. Specifically, obfuscation can be used to construct an encryption scheme with strong leakage resilience and key-dependent message security. The converse is also true, and these connections scale with the level of security desired. As a result, the known constructions and impossibility results for each primitive carry over to the other. Second, we present two new security definitions that augment the virtual black-box property to incorporate non-malleability. The virtual black-box definition does not prevent an adversary from modifying an obfuscated program intelligently. By contrast, our new definitions provide software with the same security guarantees as tamper-proof and tamper-evident hardware, respectively. The first definition prohibits tampering, and the second definition requires that tampering is detectable after the fact. We construct non-malleable obfuscators of both favors for some program families of interest. Third, we present an obfuscator for programs that test for membership in a hyperplane. This generalizes prior works that obfuscate equality testing. We prove the security of the obfuscator under a new strong variant of the Decisional Diffie-Hellman assumption that holds in the generic group model. Additionally, we show a cryptographic application of the new obfuscator to leak-ageresilient one-time digital signatures. The thesis also includes a survey of the prior results in the field.by Mayank Varia.Ph.D