3 research outputs found
Symbolic Encryption with Pseudorandom Keys
We give an efficient decision procedure that, on input two (acyclic)
cryptographic expressions making arbitrary use of an encryption scheme
and a (length doubling) pseudorandom generator, determines (in polynomial time) if the two expressions produce computationally indistinguishable distributions for any pseudorandom generator and encryption scheme satisfying the standard security notions of pseudorandomness and indistinguishability under chosen plaintext attack.
The procedure works by mapping each expression to a symbolic pattern that captures, in a fully abstract way, the information revealed by the expression to a computationally bounded observer. We then prove that if any two (possibly cyclic) expressions are mapped to the same
pattern, then the associated distributions are indistinguishable.
At the same time, if the expressions are mapped to different symbolic
patterns and do not contain encryption cycles, there are secure
pseudorandom generators and encryption schemes for which the two
distributions can be distinguished with overwhelming advantage
Symbolic security of garbled circuits
We present the first computationally sound symbolic analysis of Yao\u27s
garbled circuit construction for secure two party computation.
Our results include an extension of the symbolic language for cryptographic
expressions from previous work on computationally sound symbolic analysis,
and a soundness theorem for this extended language.
We then demonstrate how the extended language can be used to
formally specify not only the garbled circuit construction, but also
the formal (symbolic) simulator required by the definition of security.
The correctness of the simulation is proved in a purely syntactical way,
within the symbolic model of cryptography, and then translated into a concrete
computational indistinguishability statement via our general computational
soundness theorem.
We also implement our symbolic security framework and the garbling scheme
in Haskell, and our experiment shows that the symbolic analysis performs well
and can be done within several seconds even for large circuits that are useful
for real world applications
Computational soundness, co-induction and encryption cycles
We analyze the relation between induction, co-induction and the presence of encryption cycles in the context of computationally sound symbolic equivalence of cryptographic expressions. Our main finding is that the use of co-induction in the symbolic definition of the adversarial knowledge allows to prove unconditional soundness results, that do not require syntactic restrictions, like the absence of encryption cycles. Encryption cycles are relevant only to the extent that the key recovery function associated to acyclic expressions can be shown to have a unique fix-point. So, when a cryptographic expression has no encryption cycles, the inductive (least fix-point) and co-inductive (greatest fix-point) security definitions produce the same results, and the computational soundness of the inductive definitions for acyclic expressions follows as a special case of the soundness of the co-inductive definition