Completeness Theorems for the Abadi-Rogaway Language of Encrypted Expressions

We show that the Abadi-Rogaway logic of indistinguishability for cryptographic expressions is not complete by giving a natural example of a secure encryption function and a pair of expressions, such that the distributions associated to the two expressions are computationally indistinguishable, but equality cannot be proved within the logic. We then introduce a new property for encryption schemes, called confusion freeness, and show that the Abadi-Rogaway logic (as well as an extension of it due to Jürjens) is sound and complete, whenever the encryption scheme that is used is confusion free. We prove confusion freeness to be a consequence of a natural security property, that of authenticated encryption. In addition, we consider a refinement of the logic that overcomes certain limitations of the original proposal, allowing for encryption functions that do not hide the length of the message being sent. Both the soundness theorem of Abadi and Rogaway, and our completeness result for authenticated encryption easily extend to this more realistic notion of secrecy.