517 research outputs found
Computational Soundness about Formal Encryption in the Presence of Secret Shares and Key Cycles
The computational soundness of formal encryption is studied extensively following the work of Abadi and Rogaway. Recent work considers the scenario in which secret sharing is needed, and separately, the scenario when key cycles are present. The novel technique is the use of a co-induction definition of the adversarial knowledge. In this paper, we prove a computational soundness theorem of formal encryption in the presence of both key cycles and secret shares at the same time, which is a non-trivial extension of former approaches
Symbolic Encryption with Pseudorandom Keys
We give an efficient decision procedure that, on input two (acyclic)
cryptographic expressions making arbitrary use of an encryption scheme
and a (length doubling) pseudorandom generator, determines (in polynomial time) if the two expressions produce computationally indistinguishable distributions for any pseudorandom generator and encryption scheme satisfying the standard security notions of pseudorandomness and indistinguishability under chosen plaintext attack.
The procedure works by mapping each expression to a symbolic pattern that captures, in a fully abstract way, the information revealed by the expression to a computationally bounded observer. We then prove that if any two (possibly cyclic) expressions are mapped to the same
pattern, then the associated distributions are indistinguishable.
At the same time, if the expressions are mapped to different symbolic
patterns and do not contain encryption cycles, there are secure
pseudorandom generators and encryption schemes for which the two
distributions can be distinguished with overwhelming advantage
On Equivalences, Metrics, and Computational Indistinguishability
The continuous technological progress and the constant growing of information flow we observe every day, brought us an urgent need to find a way to defend our data from malicious intruders; cryptography is the field of computer science that deals with security and studies techniques to protect communications from third parties,
but in the recent years there has been a crisis in proving the security of cryptographic protocols, due to the exponential increase in the complexity of modeling proofs.
In this scenario we study interactions in a typed lambda-calculus properly defined to fit well into the key aspects of a cryptographic proof: interaction, complexity and probability. This calculus, RSLR, is an extension of Hofmann's SLR for probabilistic polynomial time computations and it is perfect to model cryptographic primitives and adversaries. In particular, we characterize notions of context equivalence and
context metrics, when defined on linear contexts, by way of traces, making proofs easier. Furthermore we show how to use this techniqe to obtain a proof methodology
for computational indistinguishability, a key notion in modern cryptography; finally we give some motivating examples of concrete cryptographic schemes
Symbolic security of garbled circuits
We present the first computationally sound symbolic analysis of Yao\u27s
garbled circuit construction for secure two party computation.
Our results include an extension of the symbolic language for cryptographic
expressions from previous work on computationally sound symbolic analysis,
and a soundness theorem for this extended language.
We then demonstrate how the extended language can be used to
formally specify not only the garbled circuit construction, but also
the formal (symbolic) simulator required by the definition of security.
The correctness of the simulation is proved in a purely syntactical way,
within the symbolic model of cryptography, and then translated into a concrete
computational indistinguishability statement via our general computational
soundness theorem.
We also implement our symbolic security framework and the garbling scheme
in Haskell, and our experiment shows that the symbolic analysis performs well
and can be done within several seconds even for large circuits that are useful
for real world applications
IST Austria Thesis
A search problem lies in the complexity class FNP if a solution to the given instance of the problem can be verified efficiently. The complexity class TFNP consists of all search problems in FNP that are total in the sense that a solution is guaranteed to exist. TFNP contains a host of interesting problems from fields such as algorithmic game theory, computational topology, number theory and combinatorics. Since TFNP is a semantic class, it is unlikely to have a complete problem. Instead, one studies its syntactic subclasses which are defined based on the combinatorial principle used to argue totality. Of particular interest is the subclass PPAD, which contains important problems
like computing Nash equilibrium for bimatrix games and computational counterparts of several fixed-point theorems as complete. In the thesis, we undertake the study of averagecase hardness of TFNP, and in particular its subclass PPAD.
Almost nothing was known about average-case hardness of PPAD before a series of recent results showed how to achieve it using a cryptographic primitive called program obfuscation.
However, it is currently not known how to construct program obfuscation from standard cryptographic assumptions. Therefore, it is desirable to relax the assumption under which average-case hardness of PPAD can be shown. In the thesis we take a step in this direction. First, we show that assuming the (average-case) hardness of a numbertheoretic
problem related to factoring of integers, which we call Iterated-Squaring, PPAD is hard-on-average in the random-oracle model. Then we strengthen this result to show that the average-case hardness of PPAD reduces to the (adaptive) soundness of the Fiat-Shamir Transform, a well-known technique used to compile a public-coin interactive protocol into a non-interactive one. As a corollary, we obtain average-case hardness for PPAD in the random-oracle model assuming the worst-case hardness of #SAT. Moreover, the above results can all be strengthened to obtain average-case hardness for the class CLS ⊆ PPAD.
Our main technical contribution is constructing incrementally-verifiable procedures for computing Iterated-Squaring and #SAT. By incrementally-verifiable, we mean that every intermediate state of the computation includes a proof of its correctness, and the proof can be updated and verified in polynomial time. Previous constructions of such procedures relied on strong, non-standard assumptions. Instead, we introduce a technique called recursive proof-merging to obtain the same from weaker assumptions
Security Verification of Low-Trust Architectures
Low-trust architectures work on, from the viewpoint of software,
always-encrypted data, and significantly reduce the amount of hardware trust to
a small software-free enclave component. In this paper, we perform a complete
formal verification of a specific low-trust architecture, the Sequestered
Encryption (SE) architecture, to show that the design is secure against direct
data disclosures and digital side channels for all possible programs. We first
define the security requirements of the ISA of SE low-trust architecture.
Looking upwards, this ISA serves as an abstraction of the hardware for the
software, and is used to show how any program comprising these instructions
cannot leak information, including through digital side channels. Looking
downwards this ISA is a specification for the hardware, and is used to define
the proof obligations for any RTL implementation arising from the ISA-level
security requirements. These cover both functional and digital side-channel
leakage. Next, we show how these proof obligations can be successfully
discharged using commercial formal verification tools. We demonstrate the
efficacy of our RTL security verification technique for seven different correct
and buggy implementations of the SE architecture.Comment: 19 pages with appendi
Formal Computational Unlinkability Proofs of RFID Protocols
We set up a framework for the formal proofs of RFID protocols in the
computational model. We rely on the so-called computationally complete symbolic
attacker model. Our contributions are: i) To design (and prove sound) axioms
reflecting the properties of hash functions (Collision-Resistance, PRF); ii) To
formalize computational unlinkability in the model; iii) To illustrate the
method, providing the first formal proofs of unlinkability of RFID protocols,
in the computational model
Symbolic Analysis of Cryptographic Protocols
We rely on the security properties of cryptographic protocols every day while browsing the Internet or withdrawing money from an ATM. However, many of the protocols we use today were standardized without a proof of security. Serious flaws in protocols restrict the level of security we can reach for applications. This thesis motivates why we should strive for proofs of security and provides a framework that makes using automated tools to conduct such proofs more feasible
Formal Models and Techniques for Analyzing Security Protocols: A Tutorial
International audienceSecurity protocols are distributed programs that aim at securing communications by the means of cryptography. They are for instance used to secure electronic payments, home banking and more recently electronic elections. Given The financial and societal impact in case of failure, and the long history of design flaws in such protocol, formal verification is a necessity. A major difference from other safety critical systems is that the properties of security protocols must hold in the presence of an arbitrary adversary. The aim of this paper is to provide a tutorial to some modern approaches for formally modeling protocols, their goals and automatically verifying them
- …