Paper 2006/219

Cryptographically Sound Security Proofs for Basic and Public-Key Kerberos

Michael Backes, Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov, and Joe-Kai Tsay


We present a computational analysis of basic Kerberos with and without its public-key extension PKINIT in which we consider authentication and key secrecy properties. Our proofs rely on the Dolev--Yao-style model of Backes, Pfitzmann, and Waidner, which allows for mapping results obtained symbolically within this model to cryptographically sound proofs if certain assumptions are met. This work was the first verification at the computational level of such a complex fragment of an industrial protocol. By considering a recently fixed version of PKINIT, we extend symbolic correctness results we previously attained in the Dolev--Yao model to cryptographically sound results in the computational model.

Note: Revised full version. This updates the formalization of the certificates binding keys to principals.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Kerberoscomputational analysisauthenticationkey secrecy
Contact author(s)
adj @ dimacs rutgers edu
2010-01-29: revised
2006-06-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Michael Backes and Iliano Cervesato and Aaron D.  Jaggard and Andre Scedrov and Joe-Kai Tsay},
      title = {Cryptographically Sound Security Proofs for Basic and Public-Key Kerberos},
      howpublished = {Cryptology ePrint Archive, Paper 2006/219},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.