623 research outputs found
A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear. For more than twenty years the two approaches have coexisted but evolved mostly independently. Recently, significant research efforts attempt to develop paradigms for cryptographic systems analysis that combines the best of both worlds. There are two broad directions that have been followed. {\em Computational soundness} aims to establish sufficient conditions under which results obtained using symbolic models imply security under computational models. The {\em direct approach} aims to apply the principles and the techniques developed in the context of symbolic models directly to computational ones. In this paper we survey existing results along both of these directions. Our goal is to provide a rather complete summary that could act as a quick reference for researchers who want to contribute to the field, want to make use of existing results, or just want to get a better picture of what results already exist
A Machine-Checked Formalization of the Generic Model and the Random Oracle Model
Most approaches to the formal analyses of cryptographic protocols make the perfect cryptography assumption, i.e. the hypothese that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to rely on a weaker hypothesis on the computational cost of gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by the Generic Model and the Random Oracle Model which provide non-standard computational models in which one may reason about the computational cost of breaking a cryptographic scheme. Using the proof assistant Coq, we provide a machine-checked account of the Generic Model and the Random Oracle Mode
The zheng-seberry public key cryptosystem and signcryption
In 1993 Zheng-Seberry presented a public key cryptosystem that was considered efficient and secure in the sense of indistinguishability of encryptions (IND) against an adaptively chosen ciphertext adversary (CCA2). This thesis shows the Zheng-Seberry scheme is not secure as a CCA2 adversary can break the scheme in the sense of IND. In 1998 Cramer-Shoup presented a scheme that was secure against an IND-CCA2 adversary and whose proof relied only on standard assumptions. This thesis modifies this proof and applies it to a modified version of the El-Gamal scheme. This resulted in a provably secure scheme relying on the Random Oracle (RO) model, which is more efficient than the original Cramer-Shoup scheme. Although the RO model assumption is needed for security of this new El-Gamal variant, it only relies on it in a minimal way
Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios
We propose a definition of ballot secrecy as an indistinguishability game in the
computational model of cryptography. Our definition improves upon
earlier definitions to ensure
ballot secrecy is preserved in the presence
of an adversary that controls
ballot collection.
We also propose
a definition
of ballot independence as
an adaptation of an indistinguishability game
for asymmetric
encryption. We prove relations between our definitions. In particular, we prove
ballot independence is sufficient for ballot secrecy in voting systems with
zero-knowledge tallying proofs. Moreover, we prove that building
systems
from non-malleable asymmetric encryption schemes suffices for ballot secrecy,
thereby eliminating
the expense of ballot-secrecy proofs for a class
of encryption-based voting systems. We demonstrate applicability of
our results by analysing the Helios voting system and its mixnet variant.
Our analysis reveals that Helios does not satisfy ballot secrecy in the presence of
an adversary that controls
ballot collection. The
vulnerability cannot be detected by earlier definitions of ballot secrecy, because
they do not consider such adversaries. We adopt non-malleable ballots
as a fix and prove that the fixed system satisfies ballot secrecy
Recommended from our members
Proving Cryptographic C Programs Secure with General-Purpose Verification Tools
Security protocols, such as TLS or Kerberos, and security devices such as the Trusted Platform Module (TPM), Hardware Security Modules (HSMs) or PKCS#11 tokens, are central to many computer interactions.
Yet, such security critical components are still often found vulnerable to attack after their deployment, either because the specification is insecure, or because of implementation errors.
Techniques exist to construct machine-checked proofs of security properties for abstract specifications.
However, this may leave the final executable code, often written in lower level languages such as C, vulnerable both to logical errors, and low-level flaws.
Recent work on verifying security properties of C code is often based on soundly extracting, from C programs, protocol models on which security properties can be proved.
However, in such methods, any change in the C code, however trivial, may require one to perform a new and complex security proof.
Our goal is therefore to develop or identify a framework in which security properties of cryptographic systems can be formally proved, and that can also be used to soundly verify, using existing general-purpose tools, that a C program shares the same security properties.
We argue that the current state of general-purpose verification tools for the C language, as well as for functional languages, is sufficient to achieve this goal, and illustrate our argument by developing two verification frameworks around the VCC verifier.
In the symbolic model, we illustrate our method by proving authentication and weak secrecy for implementations of several network security protocols.
In the computational model, we illustrate our method by proving authentication and strong secrecy properties for an exemplary key management API, inspired by the TPM
Machine-Checked Formalisation and Verification of Cryptographic Protocols
PhD ThesisAiming for strong security assurance, researchers in academia and industry focus
their interest on formal verification of cryptographic constructions. Automatising
formal verification has proved itself to be a very difficult task, where the main
challenge is to support generic constructions and theorems, and to carry out the
mathematical proofs.
This work focuses on machine-checked formalisation and automatic verification of cryptographic protocols. One aspect we covered is the novel support for
generic schemes and real-world constructions among old and novel protocols: key exchange schemes (Simple Password Exponential Key Exchange, SPEKE), commitment
schemes (with the popular Pedersen scheme), sigma protocols (with the Schnorrâs
zero-knowledge proof of knowledge protocol), and searchable encryption protocols
(Sophos).
We also investigated aspects related to the reasoning of simulation based proofs,
where indistinguishability of two different algorithms by any adversary is the crucial
point to prove privacy-related properties. We embedded information-flow techniques
into the EasyCrypt core language, then we show that our effort not only makes some
proofs easier and (sometimes) fewer, but is also more powerful than other existing
techniques in particular situations
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
A foundation for secret, verifiable elections
Many voting systems rely on art, rather than science, to ensure that
votes are freely made, with equal influence. Such systems build upon
creativity and skill, rather than scientific foundations. These systems
are routinely broken in ways that compromise free-choice or permit
undue influence. Breaks can be avoided by proving that voting systems
satisfy formal notions of voters voting freely and of detecting
undue influence. This manuscript provides a detailed technical
introduction to
a definition of ballot secrecy by Smyth that formalises the former notion and
a definition of verifiability by Smyth, Frink & Clarkson that formalises the latter.
The definitions are presented in the computational model of cryptography:
Ballot secrecy is expressed as the inability to distinguish between an
instance of the voting system in which voters cast some votes, from another
instance in which the voters cast a permutation of those votes. Verifiability
decomposes into individual verifiability, which is expressed as the inability
to cause a collision between ballots,
and universal verifiability, which is expressed as the inability to cause an incorrect
election outcome to be accepted. The definitions are complimented with simple
examples that demonstrate the essence of these properties and detailed
proofs are constructed to show how secrecy and verifiability can be formally
proved. Finally, the Helios and Helios Mixnet voting systems are presented as case
studies to provide an understanding of state-of-the-art systems that are being
used for binding elections
- âŠ