A computational interpretation of Dolev-Yao adversaries

The Dolev-Yao model is a simple and useful framework in which to analyze security protocols, but it assumes that the adversary is extremely limited. We show that it is possible for the results of this model to remain valid even if the adversary is given additional power. In particular, we show that there exist situations in which Dolev-Yao adversary can be viewed as a valid abstraction of all realistic adversaries. We do this in a number of steps: (1) We summarize the strong assumptions placed on the Dolev-Yao adversary as a non-malleability property of public-key encryption in the computational model, an alternate framework with a very powerful adversary. (2) We re-derive and discuss the indistinguishability property of Abadi and Rogaway [2] in the public-key setting, and show that it is satisfied by computational encryption secure against the chosen-ciphertext attack. (3) We show that any encryption scheme that satisfies the indistinguishability property also satisfies our (more natural) non-malleability property.