Inductive Proofs of Computational Secrecy

Abstract: Abstract. Secrecy properties of network protocols assert that no probabilistic polynomial-time distinguisher can win a suitable game presented by a challenger. Because such properties are not determined by traceby-trace behavior of the protocol, we establish a trace-based protocol condition, suitable for inductive proofs, that guarantees a generic reduction from protocol attacks to attacks on underlying primitives. We use this condition to present a compositional inductive proof system for secrecy, and illustr… Show more

“…In addition, the present soundness proofs are based on a new cryptographic definition and associated theorems about the joint security of multiple encryption schemes keyed using random or DHKE-keys. This paper complements [39] and completes the development of formal cryptographically sound proofs for three modes of Kerberos V5 ( [42] contains technical details).…”

“…Section 3.2 summarizes the concept of secretive protocol and proof rules taken from [39] that are used in this paper to establish secrecy properties. However, we give new soundness proofs for these axioms, based on an extension of standard multiparty encryption schemes [10] to allow for multiple public and symmetric encryption schemes keyed using random or Diffie-Hellman based keys.…”

“…The axioms presented in this paper are used in Protocol Composition Logic (PCL) [24,26,41,25,39]. Our formalization uses the characterization of "good key" from [27], but improves on previous work in several respects: (i) we fix a bug in the DH axiom in [27] by using the "DHStrongSecretive" formulas developed in the paper, (ii) we present a general inductive method for proving secrecy conditions for Diffie-Hellman key exchange, and (iii) we present axioms for reasoning from ciphertext integrity assumptions.…”

“…Additional background appears in [24,26,41,25,39]. Modelling protocols A protocol is given by a set of roles, each specifying a sequence of actions to be executed by an honest agent.…”

“…Protocol logic, proof system, cryptographic soundness The syntax of PCL and the informal descriptions of the principal predicates are given in [25,39]. Most protocol proofs use formulas of the form θ[P ] X φ, which are similar to Hoare triples.…”

Formal Proofs of Cryptographic Security of Diffie-Hellman-Based Protocols

“…In addition, the present soundness proofs are based on a new cryptographic definition and associated theorems about the joint security of multiple encryption schemes keyed using random or DHKE-keys. This paper complements [39] and completes the development of formal cryptographically sound proofs for three modes of Kerberos V5 ( [42] contains technical details).…”

“…Section 3.2 summarizes the concept of secretive protocol and proof rules taken from [39] that are used in this paper to establish secrecy properties. However, we give new soundness proofs for these axioms, based on an extension of standard multiparty encryption schemes [10] to allow for multiple public and symmetric encryption schemes keyed using random or Diffie-Hellman based keys.…”

“…The axioms presented in this paper are used in Protocol Composition Logic (PCL) [24,26,41,25,39]. Our formalization uses the characterization of "good key" from [27], but improves on previous work in several respects: (i) we fix a bug in the DH axiom in [27] by using the "DHStrongSecretive" formulas developed in the paper, (ii) we present a general inductive method for proving secrecy conditions for Diffie-Hellman key exchange, and (iii) we present axioms for reasoning from ciphertext integrity assumptions.…”

“…Additional background appears in [24,26,41,25,39]. Modelling protocols A protocol is given by a set of roles, each specifying a sequence of actions to be executed by an honest agent.…”

“…Protocol logic, proof system, cryptographic soundness The syntax of PCL and the informal descriptions of the principal predicates are given in [25,39]. Most protocol proofs use formulas of the form θ[P ] X φ, which are similar to Hoare triples.…”

Formal Proofs of Cryptographic Security of Diffie-Hellman-Based Protocols

Cryptographically Sound Security Proofs for Basic and Public-Key Kerberos

Analysis of EAP-GPSK Authentication Protocol