Results 1  10
of
24
A computationally sound mechanized prover for security protocols
 In IEEE Symposium on Security and Privacy
, 2006
"... ..."
(Show Context)
Formal certification of codebased cryptographic proofs
 4 th Workshop on Formal and Computational Cryptography (FCC
, 2008
"... As cryptographic proofs have become essentially unverifiable, cryptographers have argued in favor of developing techniques that help tame the complexity of their proofs. Gamebased techniques provide a popular approach in which proofs are structured as sequences of games, and in which proof steps es ..."
Abstract

Cited by 81 (25 self)
 Add to MetaCart
As cryptographic proofs have become essentially unverifiable, cryptographers have argued in favor of developing techniques that help tame the complexity of their proofs. Gamebased techniques provide a popular approach in which proofs are structured as sequences of games, and in which proof steps establish the validity of transitions between successive games. Codebased techniques form an instance of this approach that takes a codecentric view of games, and that relies on programming language theory to justify proof steps. While codebased techniques contribute to formalize the security statements precisely and to carry out proofs systematically, typical proofs are so long and involved that formal verification is necessary to achieve a high degree of confidence. We present CertiCrypt, a framework that enables the machinechecked construction and verification of codebased proofs. CertiCrypt is built upon the generalpurpose proof assistant Coq, and draws on many areas, including probability, complexity, algebra, and semantics of programming languages. CertiCrypt provides certified tools to reason about the equivalence of probabilistic programs, including a relational Hoare logic, a theory of observational equivalence, verified program transformations, and gamebased techniques such as reasoning about failure events. The usefulness of CertiCrypt is demonstrated through classical examples, including a proof of semantic security of OAEP (with a bound that improves upon [9]), and a proof of existential unforgeability of FDH signatures. Our work provides a first yet significant step towards Halevi’s ambitious programme [21] of providing tool support for cryptographic proofs. 1.
Automated Security Proofs with Sequences of Games
 Proc. 27th IEEE Symposium on Security
, 2006
"... Abstract. This paper presents the first automatic technique for proving not only protocols but also primitives in the exact security computational model. Automatic proofs of cryptographic protocols were up to now reserved to the DolevYao model, which however makes quite strong assumptions on the pr ..."
Abstract

Cited by 48 (9 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents the first automatic technique for proving not only protocols but also primitives in the exact security computational model. Automatic proofs of cryptographic protocols were up to now reserved to the DolevYao model, which however makes quite strong assumptions on the primitives. On the other hand, with the proofs by reductions, in the complexity theoretic framework, more subtle security assumptions can be considered, but security analyses are manual. A process calculus is thus defined in order to take into account the probabilistic semantics of the computational model. It is already rich enough to describe all the usual security notions of both symmetric and asymmetric cryptography, as well as the basic computational assumptions. As an example, we illustrate the use of the new tool with the proof of a quite famous asymmetric primitive: unforgeability under chosenmessage attacks (UFCMA) of the FullDomain Hash signature scheme under the (trapdoor)onewayness of some permutations. 1
Computationally Sound Mechanized Proofs of Correspondence Assertions
, 2007
"... We present a new mechanized prover for showing correspondence assertions for cryptographic protocols in the computational model. Correspondence assertions are useful in particular for establishing authentication. Our technique produces proofs by sequences of games, as standard in cryptography. These ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
We present a new mechanized prover for showing correspondence assertions for cryptographic protocols in the computational model. Correspondence assertions are useful in particular for establishing authentication. Our technique produces proofs by sequences of games, as standard in cryptography. These proofs are valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. Our technique can handle a wide variety of cryptographic primitives, including shared and publickey encryption, signatures, message authentication codes, and hash functions. It has been implemented in the tool CryptoVerif and successfully tested on examples from the literature.
Timebounded taskPIOAs: A framework for analyzing security protocols
 PROCEEDINGS THE 20TH INTERNATIONAL SYMPOSIUM ON DISTRIBUTED COMPUTING (DISC 2006). VOLUME 4167 OF LNCS., SPRINGER (2006) 238–253 INVITED PAPER
, 2006
"... We present the TimeBounded TaskPIOA modeling framework, an extension of the Probabilistic I/O Automata (PIOA) framework that is intended to support modeling and verification of security protocols. TimeBounded TaskPIOAs directly model probabilistic and nondeterministic behavior, partialinformat ..."
Abstract

Cited by 20 (8 self)
 Add to MetaCart
We present the TimeBounded TaskPIOA modeling framework, an extension of the Probabilistic I/O Automata (PIOA) framework that is intended to support modeling and verification of security protocols. TimeBounded TaskPIOAs directly model probabilistic and nondeterministic behavior, partialinformation adversarial scheduling, and timebounded computation. Together, these features are adequate to support modeling of key aspects of security protocols, including secrecy requirements and limitations on the knowledge and computational power of adversarial parties. They also support security protocol verification, using methods that are compatible with informal approaches used in the computational cryptography research community. We illustrate the use of our framework by outlining a proof of functional correctness and security properties for a wellknown Oblivious Transfer protocol.
Towards Automated Proofs for Asymmetric Encryption Schemes in the Random Oracle Model
"... Chosenciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with lower level of security have been proposed. Providing security proofs has also become standard practice. There is, however, a ..."
Abstract

Cited by 12 (5 self)
 Add to MetaCart
(Show Context)
Chosenciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with lower level of security have been proposed. Providing security proofs has also become standard practice. There is, however, a lack of automated verification procedures that analyze such cryptosystems and provide security proofs. This paper presents an automated procedure for analyzing generic asymmetric encryption schemes in the random oracle model. This procedure has been applied to several examples of encryption schemes among which the construction of BellareRogaway 1993, of Pointcheval at PKC’2000 and REACT.
Machinechecked security proofs of cryptographic signature schemes
 In Proceedings of ESORICS’05, volume 3xxx of Lecture Notes in Computer Science
, 2005
"... Abstract. Formal methods have been extensively applied to the certification of cryptographic protocols. However, most of these works make the perfect cryptography assumption, i.e. the hypothesis that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing t ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Formal methods have been extensively applied to the certification of cryptographic protocols. However, most of these works make the perfect cryptography assumption, i.e. the hypothesis that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. A model that does not require the perfect cryptography assumption is the generic model and the random oracle model. These models provide nonstandard computational models in which one may reason about the computational cost of breaking a cryptographic scheme. Using the machinechecked account of the Generic Model and the Random Oracle Model formalized in Coq, we prove the safety of cryptosystems that depend on a cyclic group (like ElGamal cryptosystem), against interactive generic attacks and we prove the security of blind signatures against interactive attacks. To prove the last step, we use a generic parallel attack to create a forgery signature. 1
Formal certification of ElGamal encryption  A gentle introduction to CertiCrypt
 IN 5TH INTERNATIONAL WORKSHOP ON FORMAL ASPECTS IN SECURITY AND TRUST, FAST 2008, SER. LECTURE NOTES IN COMPUTER SCIENCE
, 2008
"... CertiCrypt [1] is a framework that assists the construction of machinechecked cryptographic proofs that can be automatically verified by third parties. To date, CertiCrypt has been used to prove formally the exact security of widely studied cryptographic systems, such as the OAEP padding scheme and ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
CertiCrypt [1] is a framework that assists the construction of machinechecked cryptographic proofs that can be automatically verified by third parties. To date, CertiCrypt has been used to prove formally the exact security of widely studied cryptographic systems, such as the OAEP padding scheme and the Full Domain Hash digital signature scheme. The purpose of this article is to provide a gentle introduction to CertiCrypt. For concreteness, we focus on a simple but illustrative example, namely the semantic security of the Hashed ElGamal encryption scheme in both, the standard and the random oracle model.
A MachineChecked Formalization of the Random Oracle Model
 in &quot;Proceedings of TYPES’04&quot;, Lecture Notes in Computer Science
, 2005
"... Abstract. Most approaches to the formal analysis of cryptography protocols make the perfect cryptographic assumption, which entails for example that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to abandon the pe ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Most approaches to the formal analysis of cryptography protocols make the perfect cryptographic assumption, which entails for example that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to abandon the perfect cryptography hypothesis and reason about the computational cost of breaking a cryptographic scheme by achieving such goals as gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by nonstandard computational models such as the Generic Model and the Random Oracle Model. Using the proof assistant Coq, we provide a machinechecked account of the Generic Model and the Random Oracle Model. We exploit this framework to prove the security of the ElGamal cryptosystem against adaptive chosen ciphertexts attacks. 1
Automated Proofs for Asymmetric Encryption
"... Abstract. Chosenciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with lower level of security have been proposed. Providing security proofs has also become standard practice. There is, ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
Abstract. Chosenciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with lower level of security have been proposed. Providing security proofs has also become standard practice. There is, however, a lack of automated verification procedures that analyse such cryptosystems and provide security proofs. This paper presents an automated procedure for analysing generic asymmetric encryption schemes in the random oracle model. It has been applied to several examples of encryption schemes. 1