Computationally Sound Mechanized Proofs of Correspondence Assertions, 2007
Cited by 12 (3 self)
Abstract
We present a new mechanized prover for showing correspondence assertions for cryptographic protocols in the computational model. Correspondence assertions are useful in particular for establishing authentication. Our technique produces proofs by sequences of games, as standard in cryptography. These proofs are valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. Our technique can handle a wide variety of cryptographic primitives, including shared- and public-key encryption, signatures, message authentication codes, and hash functions. It has been implemented in the tool CryptoVerif and successfully tested on examples from the literature.
Authentication without Elision: Partially Specified Protocols, Associated Data, and Cryptographic Models Described by Code
Cited by 1 (0 self)
Abstract
Specification documents for real-world authentication protocols typically mandate some aspects of a protocol’s behavior but leave other features optional or undefined. In addition, real-world schemes often include parameter negotiations, authenticate associated data, and support a multiplicity of options. The cryptographic community has routinely elided such matters from our definitions, schemes, and proofs. We propose encompassing them by explicitly modeling the presence of unspecified protocol functionality. To demonstrate, we provide a new treatment for mutual authentication in the public-key setting, doing this in the computational cryptographic tradition. In our model, compactly described in pseudocode, a protocol core (PC) will call out to protocol details (PD), but, for defining security, such calls will be serviced by the adversary. Parties accepting an authentication exchange will output a string of associated data, the value of which may be determined by the PD calls. We illustrate the approach by re-proving security for the Needham-Schroeder-Lowe public-key protocol, but extended in a manner that would be typical were the mechanism embedded in a real-world standard. Keywords: authentication, associated data, Needham-Schroeder-Lowe protocol, provable security, security models.
What is Correctness of Security Protocols?
Cited by 1 (0 self)
Abstract
This title question has been seeing a number of researchers up many nights long. As soon as major protocol flaws were discovered empirically — a good luck that is not older than the early 1990s — this question came up to the world. It was soon realised that some notion of formal correctness was necessary to substantiate the confidence derived from informal analyses. But protocol correctness was born in a decade when security in general was only beginning to ferment. Security protocols aim at such a variety of goals that only their various human understandings could further enlarge. This is partly due to the increasing domains where the protocols are finding an application, such as secure access to local-area network services, secure e-mail, e-commerce, public-key registration at certification authorities and so on. But it is also significantly due to the variety of interpretations that virtually each researcher tends to use for each goal. As it is clear to any expert in formal methods, it is impossible to study
Threshold Homomorphic Encryption in the Universally Composable Cryptographic Library
Cited by 1 (0 self)
Abstract
The universally composable cryptographic library by Backes, Pfitzmann and Waidner provides Dolev-Yao-like, but cryptographically sound abstractions to common cryptographic primitives like encryptions and signatures. The library has been used to give the correctness proofs of various protocols; while the arguments in such proofs are similar to the ones done with the Dolev-Yao model that has been researched for a couple of decades already, the conclusions that such arguments provide are cryptographically sound. Various interesting protocols, for example e-voting, make extensive use of primitives that the library currently does not provide. The library can certainly be extended, and in this paper we provide one such extension — we add threshold homomorphic encryption to the universally composable cryptographic library and demonstrate its usefulness by (re)proving the security of a well-known e-voting protocol.
Automatic Verification of Cryptographic Protocols: Formal Model and Computational Model (original title: Vérification automatique de protocoles cryptographiques: modèle formel et modèle calculatoire)