Paper 2012/008

Security proof with dishonest keys

Hubert Comon-Lundh, Véronique Cortier, and Guillaume Scerri

Abstract

Symbolic and computational models are the two families of models for rigorously analysing security protocols. Symbolic models are abstract but offer a high level of automation while computational models are more precise but security proof can be tedious. Since the seminal work of Abadi and Rogaway, a new direction of research aims at reconciling the two views and many soundness results establish that symbolic models are actually sound w.r.t. computational models. This is however not true for the prominent case of encryption. Indeed, all existing soundness results assume that the adversary only uses honestly generated keys. While this assumption is acceptable in the case of asymmetric encryption, it is clearly unrealistic for symmetric encryption. In this paper, we provide with several examples of attacks that do not show-up in the classical Dolev-Yao model, and that do not break the IND-CPA nor INT-CTXT properties of the encryption scheme. Our main contribution is to show the first soundness result for symmetric encryption and arbitrary adversaries. We consider arbitrary indistinguishability properties and an unbounded number of sessions. This result relies on an extension of the symbolic model, while keeping standard security assumptions: IND-CPA and IND-CTXT for the encryption scheme.

Note: Full version

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. To appear in the proceedings of the conference on Principles of Security and Trust (POST12)
Keywords
security protocolsdishonest keyssymmetric encryption
Contact author(s)
scerri @ lsv ens-cachan fr
History
2012-01-07: received
Short URL
https://ia.cr/2012/008
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2012/008,
      author = {Hubert Comon-Lundh and Véronique Cortier and Guillaume Scerri},
      title = {Security proof with dishonest keys},
      howpublished = {Cryptology ePrint Archive, Paper 2012/008},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/008}},
      url = {https://eprint.iacr.org/2012/008}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.