Automatically verified mechanized proof of one-encryption key exchange

Proceedings of the Computer Security Foundations Workshop

Volumn , Issue , 2012, Pages 325-339

  Blanchet, Bruno ^a  

^a ECOLE NORMALE SUPÉRIEURE   (France)

Author keywords

Automatic proofs; Formal methods; Password based authentication; Protocols; Provable security

Indexed keywords

AUTOMATIC PROOFS; DIFFIE-HELLMAN ASSUMPTION; KEY EXCHANGE; NON-TRIVIAL; PASSWORD-BASED AUTHENTICATION; PROBABILITY BOUND; PROVABLE SECURITY;

CRYPTOGRAPHY; FORMAL METHODS; NETWORK PROTOCOLS; SECURITY OF DATA; SECURITY SYSTEMS;

AUTHENTICATION;

EID: 84866904130     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2012.8     Document Type: Conference Paper

References (64)

1. B. Chor and R. L. Rivest, "A Knapsack type public key cryptosystem based on arithmetic in finite fields," in CRYPTO'84, ser. LNCS, vol. 196. Springer, 1985, pp. 54-65.
2. H. W. Lenstra Jr., "On the Chor-Rivest knapsack cryptosystem," Journal of Cryptology, vol. 3, no. 3, pp. 149-155, 1991.
3. S. Vaudenay, "Cryptanalysis of the Chor-Rivest cryptosystem," in CRYPTO'98, ser. LNCS, vol. 1462. Springer, 1998, pp. 243-256.
4. M. Bellare and P. Rogaway, "The exact security of digital signatures: How to sign with RSA and Rabin," in EURO-CRYPT'96, ser. LNCS, vol. 1070. Springer, 1996, pp. 399-416.
5. K. Ohta and T. Okamoto, "On concrete security treatment of signatures derived from identification," in CRYPTO'98, ser. LNCS, vol. 1462. Springer, 1998, pp. 354-369.
6. M. Bellare and P. Rogaway, "Optimal asymmetric encryption," in EUROCRYPT'94, ser. LNCS, vol. 950. Springer, 1994, pp. 92-111.
7. V. Shoup, "OAEP reconsidered," Journal of Cryptology, vol. 15, no. 4, pp. 223-249, 2002.
8. E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern, "RSA-OAEP is secure under the RSA assumption," Journal of Cryptology, vol. 17, no. 2, pp. 81-104, 2004.
9. G. Barthe, B. Grégoire, S. Z. Béguelin, and Y. Lakhnech, "Beyond provable security. Verifiable IND-CCA security of OAEP," in CT-RSA 2011, ser. LNCS, vol. 6558. Springer, 2011, pp. 180-196.
10. S. Halevi, "A plausible approach to computer-aided cryptographic proofs," Cryptology ePrint Archive, Report 2005/181, 2005, http://eprint.iacr.org/.
11. M. Abadi and P. Rogaway, "Reconciling two views of cryptography (the computational soundness of formal encryption)," Journal of Cryptology, vol. 15, no. 2, pp. 103-127, 2002.
12. V. Cortier and B. Warinschi, "Computationally sound, automated proofs for security protocols," in ESOP'05, ser. LNCS, vol. 3444. Springer, 2005, pp. 157-171.
13. R. Janvier, Y. Lakhnech, and L. Mazaré, "Completing the picture: Soundness of formal encryption in the presence of active adversaries," in ESOP'05, ser. LNCS, vol. 3444. Springer, 2005, pp. 172-185.
14. H. Comon-Lundh and V. Cortier, "Computational soundness of observational equivalence," in CCS'08. ACM, 2008, pp. 109-118.
15. M. Backes, D. Hofheinz, and D. Unruh, "CoSP: A general framework for computational soundness proofs," in CCS'09. ACM, 2009, pp. 66-78.
16. V. Cortier and B. Warinschi, "A composable computational soundness notion," in CCS'11. ACM, 2011, pp. 63-74.
17. V. Cortier, S. Kremer, and B. Warinschi, "A survey of symbolic methods in computational analysis of cryptographic systems," Journal of Automated Reasoning, vol. 46, no. 3-4, pp. 225-259, 2011.
18. V. Cortier, H. Hördegen, and B. Warinschi, "Explicit randomness is not necessary when modeling probabilistic encryption," in ICS 2006, ser. ENTCS, vol. 186. Elsevier, 2006, pp. 49-65.
19. M. Backes, B. Pfitzmann, and M. Waidner, "A composable cryptographic library with nested operations," in CCS'03. ACM, 2003, pp. 220-230.
20. M. Backes and B. Pfitzmann, "Symmetric encryption in a sim-ulatable Dolev-Yao style cryptographic library," in CSFW'04. IEEE, 2004, pp. 204-218.
21. C. Sprenger, M. Backes, D. Basin, B. Pfitzmann, and M. Waidner, "Cryptographically sound theorem proving," in CSFW'06. IEEE, 2006, pp. 153-166.
22. C. Sprenger and D. Basin, "Cryptographically-sound protocol-model abstractions," in LICS'08. IEEE, 2008, pp. 3-17.
23. R. Canetti, "Universally composable security: A new paradigm for cryptographic protocols," in FOCS'01. IEEE, 2001, pp. 136-145.
24. R. Canetti and J. Herzog, "Universally composable symbolic analysis of cryptographic protocols (the case of encryption-based mutual authentication and key exchange)," Cryptology ePrint Archive, Report 2004/334, 2004, available at http:// eprint.iacr.org/2004/334.
25. B. Blanchet, "Automatic proof of strong secrecy for security protocols," in IEEE Symposium on Security and Privacy, 2004, pp. 86-100.
26. J. C. Mitchell, A. Ramanathan, A. Scedrov, and V. Teague, "A probabilistic polynomial-time calculus for the analysis of cryptographic protocols," Theoretical Computer Science, vol. 353, no. 1-3, pp. 118-164, 2006.
27. D. Nowak and Y. Zhang, "A calculus for game-based security proofs," in ProvSec 2010, ser. LNCS, vol. 6402. Springer, 2010, pp. 35-52.
28. A. Datta, A. Derek, J. C. Mitchell, V. Shmatikov, and M. Turuani, "Probabilistic polynomial-time semantics for a protocol security logic," in ICALP'05, ser. LNCS, vol. 3580. Springer, 2005, pp. 16-29.
29. A. Datta, A. Derek, J. C. Mitchell, and B. Warinschi, "Computationally sound compositional logic for key exchange protocols," in CSFW'06. IEEE, 2006, pp. 321-334.
30. G. Barthe, M. Daubignard, B. Kapron, and Y. Lakhnech, "Computational indistinguishability logic," in CCS'10. ACM Press, 2010, pp. 375-386.
31. R. Canetti, L. Cheung, D. Kaynar, M. Liskov, N. Linch, O. Pereira, and R. Segala, "Time-bounded task-PIOAs: A framework for analyzing security protocols," in DISC'06, ser. LNCS, vol. 4167. Springer, 2006, pp. 238-253.
32. P. Laud, "Secrecy types for a simulatable cryptographic library," in CCS'05. ACM, 2005, pp. 26-35.
33. P. Laud and V. Vene, "A type system for computationally secure information flow," in FCT'05, ser. LNCS, vol. 3623. Springer, 2005, pp. 365-377.
34. G. Smith and R. Alpízar, "Secure information flow with random assignment and encryption," in FMSE'06, 2006, pp. 33-43.
35. J. Courant, C. Ene, and Y. Lakhnech, "Computationally sound typing for non-interference: The case of deterministic encryption," in FSTTCS'07, ser. LNCS, vol. 4855. Springer, 2007, pp. 364-375.
36. M. Backes and P. Laud, "Computationally sound secrecy proofs by mechanized flow analysis," in CCS'06. ACM, 2006, pp. 370-379.
37. J. Courant, M. Daubignard, C. Ene, P. Lafourcade, and Y. Lakhnech, "Towards automated proofs for asymmetric encryption schemes in the random oracle model," in CCS'08. ACM, 2008, pp. 371-380.
38. -, "Automated proofs for asymmetric encryption," in Concurrency, Compositionality, and Correctness, ser. LNCS, vol. 5930. Springer, 2010, pp. 300-321.
39. G. Barthe, B. Grégoire, and S. Zanella, "Formal certification of code-based cryptographic proofs," in POPL'09. ACM, 2009, pp. 90-101.
40. G. Barthe, B. Grégoire, S. Heraud, and S. Z. Béguelin, "Formal certification of ElGamal encryption. A gentle introduction to CertiCrypt," in FAST 2008, ser. LNCS, vol. 5491. Springer, 2009, pp. 1-19.
41. S. Z. Béguelin, B. Grégoire, G. Barthe, and F. Olmedo, "Formally certifying the security of digital signature schemes," in IEEE Symposium on Security and Privacy. IEEE, 2009, pp. 237-250.
42. S. Z. Béguelin, G. Barthe, S. Heraud, B. Grégoire, and D. Hedin, "A machine-checked formalization of sigma-protocols," in CSF'10. IEEE, 2010, pp. 246-260.
43. V. Shoup, "Sequences of games: a tool for taming complexity in security proofs," Cryptology ePrint Archive, Report 2004/332, 2004, available at http://eprint.iacr.org/2004/332.
44. M. Bellare and P. Rogaway, "The security of triple encryption and a framework for code-based game-playing proofs," in EUROCRYPT 2006, ser. LNCS, vol. 4004. Springer, 2006, pp. 409-426.
45. G. Barthe, B. Grégoire, S. Heraud, and S. Z. Béguelin, "Computer-aided security proofs for the working cryptographer," in CRYPTO 2011, 2011, to appear.
46. D. Nowak, "A framework for game-based security proofs," in ICICS 2007, ser. LNCS, vol. 4861. Springer, 2007, pp. 319-333.
47. -, "On formal verification of arithmetic-based cryptographic primitives," in ICISC 2008, ser. LNCS, vol. 5461. Springer, 2008, pp. 368-382.
48. R. Affeldt, D. Nowak, and K. Yamada, "Certifying assembly with formal cryptographic proofs: the case of BBS," in AVoCS'09, ser. Electronic Communications of the EASST, vol. 23, 2009.
49. B. Blanchet, "A computationally sound mechanized prover for security protocols," IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 4, pp. 193-207, 2008.
50. B. Blanchet and D. Pointcheval, "Automated security proofs with sequences of games," in CRYPTO 2006, ser. LNCS, vol. 4117. Springer, 2006, pp. 537-554.
51. P. Laud, "Handling encryption in an analysis for secure information flow," in ESOP'03, ser. LNCS, vol. 2618. Springer, 2003, pp. 159-173.
52. -, "Symmetric encryption in automatic analyses for confidentiality against active adversaries," in IEEE Symposium on Security and Privacy, 2004, pp. 71-85.
53. I. Tšahhirov and P. Laud, "Application of dependency graphs to security protocol analysis," in TGC'07, ser. LNCS, vol. 4912. Springer, 2007, pp. 294-311.
54. P. Laud and I. Tšahhirov, "A user interface for a game-based protocol verification tool," in FAST2009, ser. LNCS, vol. 5983. Springer, 2009, pp. 263-278.
55. E. Bresson, O. Chevassut, and D. Pointcheval, "Security proofs for an efficient password-based key exchange," in CCS'03. ACM, 2003, pp. 241-250.
56. S. M. Bellovin and M. Merritt, "Encrypted key exchange: Password-based protocols secure against dictionary attacks," in IEEE Symposium on Security and Privacy. IEEE, 1992, pp. 72-84.
57. B. Blanchet, "Automatically verified mechanized proof of one-encryption key exchange," long version available at http: //www.cryptoverif.ens.fr/OEKE/, 2012.
58. M. Bellare and P. Rogaway, "The AuthA protocol for password-based authenticated key exchange," Mar. 2000, contributions to IEEE P1363. Available from http://grouper.ieee.org/groups/1363/.
59. -, "Random oracles are practical: A paradigm for designing efficient protocols," in CCS'93. ACM, 1993, pp. 62-73.
60. M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated key exchange secure against dictionary attacks," in EURO-CRYPT 2000, ser. LNCS, vol. 1807. Springer, 2000, pp. 139-155.
61. J.-S. Coron, "Security proof for partial-domain hash signature schemes," in CRYPTO 2002, ser. LNCS, vol. 2442. Springer, 2002, pp. 613-626.
62. B. Blanchet, "Computationally sound mechanized proofs of correspondence assertions," in CSF'07. IEEE, 2007, pp. 97-111, extended version available as ePrint Report 2007/128, http://eprint.iacr.org/2007/128.
63. T. Y. C. Woo and S. S. Lam, "A semantic model for authentication protocols," in IEEE Symposium on Research in Security and Privacy, 1993, pp. 178-194.
64. M. Abdalla, P.-A. Fouque, and D. Pointcheval, "Password-based authenticated key exchange in the three-party setting," IEE Proceedings Information Security, vol. 153, no. 1, pp. 27-39, 2006.