Guessing Attacks and the Computational Soundness of Static Equivalence
نویسندگان
چکیده
The indistinguishability of two pieces of data (or two lists of pieces of data) can be represented formally in terms of a relation called static equivalence. Static equivalence depends on an underlying equational theory. The choice of an inappropriate equational theory can lead to overly pessimistic or overly optimistic notions of indistinguishability, and in turn to security criteria that require protection against impossible attacks or—worse yet—that ignore feasible ones. In this paper, we define and justify an equational theory for standard, fundamental cryptographic operations. This equational theory yields a notion of static equivalence that implies computational indistinguishability. Static equivalence remains liberal enough for use in applications. In particular, we develop and analyze a principled formal account of guessing attacks in terms of static equivalence.
منابع مشابه
Password-Based Encryption Analyzed
The use of passwords in security protocols is particularly delicate because of the possibility of off-line guessing attacks. We study password-based protocols in the context of a recent line of research that aims to justify symbolic models in terms of more concrete, computational ones. We offer two models for reasoning about the concurrent use of symmetric, asymmetric, and passwordbased encrypt...
متن کاملComputational soundness of static equivalence
Privacy related properties in electronic voting are naturally expressed as indistinguishability properties. This motivates the study of observational equivalence, as well as static equivalence in the context of the AVOTÉ project. In this report we survey the existing results on the computational soundness of symbolic indistinguishability relations in the presence of a passive adversary, for whi...
متن کاملComputational Soundness of Formal Indistinguishability and Static Equivalence
In the investigation of the relationship between the formal and the computational view of cryptography, a recent approach, first proposed in [10], uses static equivalence from cryptographic pi calculi as a notion of formal indistinguishability. Previous work [10, 1] has shown that this yields the soundness of natural interpretations of some interesting equational theories, such as certain crypt...
متن کاملEfficient Decision Procedures for Message Deducibility and Static Equivalence
We consider two standard notions in formal security protocol analysis: message deducibility and static equivalence under equational theories. We present polynomial-time algorithms for deciding both problems under subterm convergent equational theories and under a theory representing symmetric encryption with the prefix property. For subterm convergent theories, polynomial-time algorithms for bo...
متن کاملAdaptive Soundness of Static Equivalence
We define a framework to reason about implementations of equational theories in the presence of an adaptive adversary. We particularly focus on soundess of static equivalence. We illustrate our framework on different equational theories: symmetric encryption, modular exponentiation and also joint theories of encryption and modular exponentiation. Finally, we define a model for symbolic analysis...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Journal of Computer Security
دوره 18 شماره
صفحات -
تاریخ انتشار 2006