Soundness and Completeness of Formal Logics of Symmetric Encryption

SOUNDNESS AND COMPLETENESS OF FORMAL LOGICS OF SYMMETRIC ENCRYPTION Gergei Bana Supervisor: Andre Scedrov In the last two decades, two major directions in cryptography have developed: formal and computational. The formal approach uses simple, manageable formal languages to describe cryptographic protocols; this approach is amenable to automatization, suitable for computer tools, but its accuracy is often unclear. The computational approach is harder to handle mathematically, involves probability theory and considers limits in computing power; proofs are done by hand, but it is more accurate, hence widely accepted. Much effort has been made to bridge the gap between the two approaches, including the work of Martin Abadi and Philip Rogaway who considered a formal logic of symmetric encryption and its interpretations in cryptosystems based on computational complexity. The Abadi-Rogaway setting has three important ingredients: a formal language along with an equivalence notion of formal expressions, a computational cryptosystem with the notion of computational equivalence of ensembles of random distributions, and an interpreting function that assigns to each formal expression an ensemble of distributions. We say that the interpretation satisfies soundness if equivalence of formal expressions implies computational equivalence of their interpretations, and satisfies completeness if computational equivalence of the interpretations requires equivalence of the expressions. We consider expansions of the Abadi-Rogaway logic of indistinguishability of formal cryptographic expressions. The formal language of this logic uses a box as notation for indecipherable strings, through which formal equivalence is defined. We expand the logic by considering different kinds of boxes corresponding to equivalence classes of formal ciphers. We consider not only computational, but also purely probabilistic, information-theoretic interpretations. We present a general, systematic treatment of the expansions of the logic for symmetric encryption. We establish general soundness and completeness theorems for the interpretations. We also present applications to specific settings not covered in earlier works: a purely probabilistic one that in-