Computational Soundness of Equational Theories (Tutorial)
نویسنده
چکیده
We study the link between formal and cryptographic models for security protocols in the presence of passive and adaptive adversaries. We first describe the seminal result by Abadi and Rogaway and shortly discuss some of its extensions. Then we describe a general model for reasoning about the soundness of implementations of equational theories. We illustrate this model on several examples of computationally sound implementations of equational theories.
منابع مشابه
Adaptive Soundness of Static Equivalence
We define a framework to reason about implementations of equational theories in the presence of an adaptive adversary. We particularly focus on soundess of static equivalence. We illustrate our framework on different equational theories: symmetric encryption, modular exponentiation and also joint theories of encryption and modular exponentiation. Finally, we define a model for symbolic analysis...
متن کاملComputationally Sound Implementations of Equational Theories Against Passive Adversaries
In this paper we study the link between formal and cryptographic models for security protocols in the presence of passive adversaries. In contrast to other works, we do not consider a fixed set of primitives but aim at results for arbitrary equational theories. We define a framework for comparing a cryptographic implementation and its idealization with respect to various security notions. In pa...
متن کاملComputational Soundness of Formal Indistinguishability and Static Equivalence
In the investigation of the relationship between the formal and the computational view of cryptography, a recent approach, first proposed in [10], uses static equivalence from cryptographic pi calculi as a notion of formal indistinguishability. Previous work [10, 1] has shown that this yields the soundness of natural interpretations of some interesting equational theories, such as certain crypt...
متن کاملSteve Kremer and Laurent Mazaré Adaptive Soundness of Static Equivalence
We define a framework to reason about sound implemen-tations of equational theories in the presence of an adap-tive adversary. In particular, we focus on soundess of staticequivalence. We illustrate our framework on several equa-tional theories: symmetric encryption, XOR, modular expo-nentiation and also joint theories of encryption and modu-lar exponentiation as well as...
متن کاملConstrained narrowing for conditional equational theories modulo axioms
For an unconditional equational theory (Σ, E) whose oriented equations ~ E are confluent and terminating, narrowing provides an E-unification algorithm. This has been generalized by various authors in two directions: (i) by considering unconditional equational theories (Σ, E∪B) where the ~ E are confluent, terminating and coherent modulo axioms B, and (ii) by considering conditional equational ...
متن کامل