For exchanged keys, we show that a certain strict symbolic secrecy definition over a specific Dolev-Yao-style cryptographic library implies cryptographic key secrecy for a real implementation of this cryptographic library. For payload messages, we present the first general cryptographic secrecy definition for a reactive scenario. The main challenge is to separate secrecy violations by the protocol under consideration from secrecy violations by the protocol users in a general way. For this definition we show a general secrecy preservation theorem under reactive simulatability, the cryptographic notion of secure implementation. This theorem is of independent cryptographic interest. We then show that symbolic secrecy implies cryptographic payload secrecy for the same cryptographic library as used in key secrecy. Our results thus enable existing formal proof techniques to establish cryptographically sound proofs of secrecy for payload messages and exchanged keys.
Category / Keywords: foundations / secrecy, symbolic, cryptographic, formal methods, reactive simulatability, security analysis of cryptographic protocols Date: received 12 Nov 2004 Contact author: mbc at zurich ibm com Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation Version: 20041112:153223 (All versions of this report) Discussion forum: Show discussion | Start new discussion