Cryptology ePrint Archive: Report 2009/227

Computational soundness, co-induction, and encryption cycles

Daniele Micciancio

Abstract: We analyze the relation between induction, co-induction and the presence of encryption cycles in the context of computationally sound symbolic equivalence of cryptographic expressions. Our main finding is that the use of co-induction in the symbolic definition of the adversarial knowledge allows to prove unconditional soundness results that do not require syntactic restrictions, like the absence of encryption cycles. Encryption cycles are relevant only to the extent that the key recovery function associated to acyclic expressions can be shown to have a unique fix-point. So, when a cryptographic expression has no encryption cycles, the inductive (least fix-point) and co-inductive (greatest fix-point) security definitions produce the same results, and the computational soundness of the inductive definitions for acyclic expressions follows as a special case of the soundness of the co-inductive definition.

Category / Keywords: foundations / computational soundness, co-induction, greatest fix-point, formal methods for security, symbolic encryption, encryption cycles

Date: received 20 May 2009, last revised 29 May 2009

Contact author: daniele at cs ucsd edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20090530:041653 (All versions of this report)

Short URL: ia.cr/2009/227

Discussion forum: Show discussion | Start new discussion