Key-dependent message security under active attacks - BRSIM/UC-soundness of Dolev-Yao-style encryption with key cycles

Journal of Computer Security

Volumn 16, Issue 5, 2008, Pages 497-530

  Backes, Michael ^a   Pfitzmann, Birgit ^b   Scedrov, Andre ^c  

^a SAARLAND UNIVERSITY   (Germany)

^b IBM RESEARCH   (United States)

^c UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACTIVE ATTACKS; ADAPTIVE; BLACK-BOX; CIPHERTEXTS; COMPUTATIONAL SOUNDNESSES; ON CURRENTS; REACTIVE SIMULATABILITY; SECURITY PROTOCOLS; SYMMETRIC ENCRYPTIONS;

ALGEBRA; KETONES; NETWORK PROTOCOLS; SECURITY OF DATA;

CRYPTOGRAPHY;

EID: 54349106924     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2008-0332     Document Type: Conference Paper

References (36)

1. M. Abadi and J. Jürjens, Formal eavesdropping and its computational interpretation, in: Proc. 4th International Symposium on Theoretical Aspects of Computer Software (TACS), 2001, pp. 82-94.
2. M. Abadi and P. Rogaway, Reconciling two views of cryptography: The computational soundness of formal encryption, in: Proc. 1st IFIP International Conference on Theoretical Computer Science, Lecture Notes in Computer Science, Vol. 1872, Springer, 2000, pp. 3-22.
3. P. Adão, G. Bana, J. Herzog and A. Scedrov, Soundness of formal encryption in the presence of keycycles, in: Proc. 10th European Symposium on Research in Computer Security (ESORICS), Lecture Notes in Computer Science, Vol. 3679, Springer, 2005, pp. 374-396.
4. M. Backes and B. Pfitzmann, Symmetric encryption in a simulatable Dolev-Yao style cryptographic library, in: Proc. 17th IEEE Computer Security Foundations Workshop (CSFW), 2004, pp. 204-218.
5. M. Backes and B. Pfitzmann, Relating symbolic and cryptographic secrecy, IEEE Transactions on Dependable and Secure Computing 2(2) (2005), 109-123.
6. M. Backes, B. Pfitzmann and M. Waidner, A composable cryptographic library with nested operations (extended abstract), in: Proc. 10th ACM Conference on Computer and Communications Security, 2003, pp. 220-230. (Full version in IACR Cryptology ePrint Archive 2003/015, Jan. 2003, http://eprint.iacr.org/.)
7. M. Backes, B. Pfitzmann and M. Waidner, The reactive simulatability (RSIM) framework for asynchronous systems, Information and Computation 205(12) (2007), 1685-1720.
8. D. Beaver, Secure multiparty protocols and zero knowledge proof systems tolerating a faulty minority, Journal of Cryptology 4(2) (1991), 75-122.
9. M. Bellare, A. Desai, E. Jokipii and P. Rogaway, A concrete security treatment of symmetric encryption, in: Proc. 38th IEEE Symposium on Foundations of Computer Science (FOCS), 1997, pp. 394-403.
10. M. Bellare, A. Desai, D. Pointcheval and P. Rogaway, Relations among notions of security for publickey encryption schemes, in: Advances in Cryptology: CRYPTO '98, Lecture Notes in Computer Science, Vol. 1462, Springer, 1998, pp. 26-45.
11. M. Bellare and C. Namprempre, Authenticated encryption: Relations among notions and analysis of the generic composition paradigm, in: Advances in Cryptology: ASIACRYPT 2000, Lecture Notes in Computer Science, Vol. 1976, Springer, 2000, pp. 531-545.
12. J. Black, P. Rogaway and T. Shrimpton, Encryption-scheme security in the presence of keydependent messages. In Proc. 9th Annual Workshop on Selected Areas in Cryptography (SAC), 2002, pp. 62-75.
13. J. Camenisch and A. Lysyanskaya, An efficient system for non-transferable anonymous credentials with optional anonymity revocation, in: Advances in Cryptology: EUROCRYPT 2001, Lecture Notes in Computer Science, Vol. 2045, Springer, 2001, pp. 93-118.
14. R. Canetti, Security and composition of multiparty cryptographic protocols, Journal of Cryptology 3(1) (2000), 143-202.
15. R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in: Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), 2001, pp. 136-145. (Extended version in Cryptology ePrint Archive, Report 2000/67, http://eprint.iacr.org/.)
16. R. Canetti and J. Herzog, Universally composable symbolic analysis of mutual authentication and key exchange protocols, in: Proc. 3rd Theory of Cryptography Conference (TCC), Lecture Notes in Computer Science, Vol. 3876, Springer, 2006, pp. 380-403.
17. V. Cortier and B. Warinschi, Computationally sound, automated proofs for security protocols, in: Proc. 14th European Symposium on Programming (ESOP), 2005, pp. 157-171.
18. D. Dolev, C. Dwork and M. Naor, Nonmalleable cryptography, SIAM Journal on Computing 30(2) (2000), 391-437.
19. D. Dolev and A.C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory 29(2) (1983), 198-208.
20. C. Dwork, M. Naor, O. Reingold and L.J. Stockmeyer, Magic functions, Journal of the ACM 50(6) (2003), 852-921.
21. O. Goldreich, S. Micali and A. Wigderson, How to play any mental game - or - a completeness theorem for protocols with honest majority, in: Proc. 19th Annual ACM Symposium on Theory of Computing (STOC), 1987, pp. 218-229.
22. S. Goldwasser and L. Levin, Fair computation of general functions in presence of immoral majority, in: Advances in Cryptology: CRYPTO '90, Lecture Notes in Computer Science, Vol. 537, Springer, 1990, pp. 77-93.
23. S. Goldwasser and S. Micali, Probabilistic encryption, Journal of Computer and System Sciences 28 (1984), 270-299.
24. S. Halevi and H. Krawczyk, Security under key-dependent inputs, in: Proc. of the 14th ACM Conference on Computer and Communications Security, 2007, pp. 466-475. (Preprint on IACR ePrint 2007/315.)
25. D. Hofheinz and D. Unruh, Towards key-dependent message security in the standard model, in: Proc. of Advances in Cryptology: EUROCRYPT 2008, August 2007, Lecture Notes in Computes Science, Vol. 4965, Springer, 2008, pp. 108-126. (Preprint on IACR ePrint 2007/333.)
26. P. Laud, Semantics and program analysis of computationally secure information flow, in: Proc. 10th European Symposium on Programming (ESOP), 2001, pp. 77-91.
27. P. Laud, Symmetric encryption in automatic analyses for confidentiality against active adversaries, in: Proc. 25th IEEE Symposium on Security & Privacy, 2004, pp. 71-85.
28. M. Luby, Pseudorandomness and Cryptographic Applications, Princeton Computer Society Notes, Princeton, NJ, 1996.
29. C. Meadows, Using narrowing in the analysis of key management protocols, in: Proc. 10th IEEE Symposium on Security & Privacy, 1989, pp. 138-147.
30. S. Micali and P. Rogaway, Secure computation, in: Advances in Cryptology: CRYPTO '91, Lecture Notes in Computer Science, Vol. 576, Springer, 1991, pp. 392-404.
31. D. Micciancio and B. Warinschi, Soundness of formal encryption in the presence of active adversaries, in: Proc. 1st Theory of Cryptography Conference (TCC), Lecture Notes in Computer Science, Vol. 2951, Springer, 2004, pp. 133-151.
32. B. Pfitzmann and M. Waidner, Composition and integrity preservation of secure reactive systems, in: Proc. 7th ACM Conference on Computer and Communications Security, 2000, pp. 245-254. (Extended version (with Matthias Schunter) IBM Research Report RZ 3206, May 2000, http://www.semper.org/sirene/ publ/PfSW1_00ReactSimulIBM.ps.gz.)
33. B. Pfitzmann and M. Waidner, A model for asynchronous reactive systems and its application to secure message transmission, in: Proc. 22nd IEEE Symposium on Security & Privacy, 2001, pp. 184-200. (Extended version of the model (with Michael Backes) IACR Cryptology ePrint Archive 2004/082, http://eprint.iacr.org/.)
34. C. Rackoff and D.R. Simon, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack, in: Advances in Ciyptology: CRYPTO'91, Lecture Notes in Computer Science, Vol. 576, Springer, 1992, pp. 433-444.
35. C.E. Shannon, Communication theory of secrecy systems, Bell System Technical Journal 28(4) (1949), 656-715.
36. A.C. Yao, Theory and applications of trapdoor functions, in: Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), 1982, pp. 80-91,