Relating symbolic and cryptographic secrecy

We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic o...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE transactions on dependable and secure computing 2005-04, Vol.2 (2), p.109-123
Hauptverfasser:	Backes, M., Pfitzmann, B.
Format:	Artikel
Sprache:	eng
Schlagworte:	Algebra Automation Computational modeling Cryptographic protocols Cryptography Cybersecurity Dolev-Yao model Equations Humans Index Terms- Relations between models Joining processes Knowledge Libraries Payloads probabilistic computation-cryptography Protocol Public key secrecy Security management simulatability Studies
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	123
container_issue	2
container_start_page	109
container_title	IEEE transactions on dependable and secure computing
container_volume	2
creator	Backes, M. Pfitzmann, B.
description	We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire considered object into its knowledge set. Cryptographic secrecy essentially means computational indistinguishability between the real object and a random one, given the view of a much more general adversary. In spite of recent advances in linking symbolic and computational models of cryptography, no relation for secrecy under active attacks is known yet. For exchanged keys, we show that a certain strict symbolic secrecy definition over a specific Dolev-Yao-style cryptographic library implies cryptographic key secrecy for a real implementation of this cryptographic library. For payload messages, we present the first general cryptographic secrecy definition for a reactive scenario. The main challenge is to separate secrecy violations by the protocol under consideration from secrecy violations by the protocol users in a general way. For this definition, we show a general secrecy preservation theorem under reactive simulatability, the cryptographic notion of secure implementation. This theorem is of independent cryptographic interest. We then show that symbolic secrecy implies cryptographic payload secrecy for the same cryptographic library as used in key secrecy. Our results thus enable formal proof techniques to establish cryptographically sound proofs of secrecy for payload messages and exchanged keys.
doi_str_mv	10.1109/TDSC.2005.25
format	Article
fullrecord	<record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_1453530</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>1453530</ieee_id><sourcerecordid>1027254111</sourcerecordid><originalsourceid>FETCH-LOGICAL-c313t-564504c0d58df78aa350e9da5910608c865be3cad66840f720470973414ddd683</originalsourceid><addsrcrecordid>eNpd0MtLxDAQBvAgCq6Pmzcviwcv2nXymDQ5yvqEBUHXc8gm6dql29ake-h_b8sKgqcZhh8fw0fIBYUZpaDvlg8f8xkDwBnDAzKhWtAMgKrDYUeBGeqcHpOTlDYATCgtJuTmPVS2K-v1NPXbVVOVbmprP3Wxb7tmHW37NVxScDG4_owcFbZK4fx3npLPp8fl_CVbvD2_zu8XmeOUdxlKgSAceFS-yJW1HCFob1FTkKCckrgK3FkvpRJQ5AxEDjrnggrvvVT8lFzvc9vYfO9C6sy2TC5Ula1Ds0uGKdCMIg7w6h_cNLtYD78ZBhIZF4oN6HaPXGxSiqEwbSy3NvaGghlrM2NtZqzNsDHzcs_LEMIfFciRA_8BPCFmJg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>206523482</pqid></control><display><type>article</type><title>Relating symbolic and cryptographic secrecy</title><source>IEEE Electronic Library (IEL)</source><creator>Backes, M. ; Pfitzmann, B.</creator><creatorcontrib>Backes, M. ; Pfitzmann, B.</creatorcontrib><description>We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire considered object into its knowledge set. Cryptographic secrecy essentially means computational indistinguishability between the real object and a random one, given the view of a much more general adversary. In spite of recent advances in linking symbolic and computational models of cryptography, no relation for secrecy under active attacks is known yet. For exchanged keys, we show that a certain strict symbolic secrecy definition over a specific Dolev-Yao-style cryptographic library implies cryptographic key secrecy for a real implementation of this cryptographic library. For payload messages, we present the first general cryptographic secrecy definition for a reactive scenario. The main challenge is to separate secrecy violations by the protocol under consideration from secrecy violations by the protocol users in a general way. For this definition, we show a general secrecy preservation theorem under reactive simulatability, the cryptographic notion of secure implementation. This theorem is of independent cryptographic interest. We then show that symbolic secrecy implies cryptographic payload secrecy for the same cryptographic library as used in key secrecy. Our results thus enable formal proof techniques to establish cryptographically sound proofs of secrecy for payload messages and exchanged keys.</description><identifier>ISSN: 1545-5971</identifier><identifier>ISSN: 0361-1434</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2005.25</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Algebra ; Automation ; Computational modeling ; Cryptographic protocols ; Cryptography ; Cybersecurity ; Dolev-Yao model ; Equations ; Humans ; Index Terms- Relations between models ; Joining processes ; Knowledge ; Libraries ; Payloads ; probabilistic computation-cryptography ; Protocol ; Public key ; secrecy ; Security management ; simulatability ; Studies</subject><ispartof>IEEE transactions on dependable and secure computing, 2005-04, Vol.2 (2), p.109-123</ispartof><rights>Copyright IEEE Computer Society Apr-Jun 2005</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c313t-564504c0d58df78aa350e9da5910608c865be3cad66840f720470973414ddd683</citedby><cites>FETCH-LOGICAL-c313t-564504c0d58df78aa350e9da5910608c865be3cad66840f720470973414ddd683</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/1453530$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,780,784,796,27924,27925,54758</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/1453530$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Backes, M.</creatorcontrib><creatorcontrib>Pfitzmann, B.</creatorcontrib><title>Relating symbolic and cryptographic secrecy</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description>We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire considered object into its knowledge set. Cryptographic secrecy essentially means computational indistinguishability between the real object and a random one, given the view of a much more general adversary. In spite of recent advances in linking symbolic and computational models of cryptography, no relation for secrecy under active attacks is known yet. For exchanged keys, we show that a certain strict symbolic secrecy definition over a specific Dolev-Yao-style cryptographic library implies cryptographic key secrecy for a real implementation of this cryptographic library. For payload messages, we present the first general cryptographic secrecy definition for a reactive scenario. The main challenge is to separate secrecy violations by the protocol under consideration from secrecy violations by the protocol users in a general way. For this definition, we show a general secrecy preservation theorem under reactive simulatability, the cryptographic notion of secure implementation. This theorem is of independent cryptographic interest. We then show that symbolic secrecy implies cryptographic payload secrecy for the same cryptographic library as used in key secrecy. Our results thus enable formal proof techniques to establish cryptographically sound proofs of secrecy for payload messages and exchanged keys.</description><subject>Algebra</subject><subject>Automation</subject><subject>Computational modeling</subject><subject>Cryptographic protocols</subject><subject>Cryptography</subject><subject>Cybersecurity</subject><subject>Dolev-Yao model</subject><subject>Equations</subject><subject>Humans</subject><subject>Index Terms- Relations between models</subject><subject>Joining processes</subject><subject>Knowledge</subject><subject>Libraries</subject><subject>Payloads</subject><subject>probabilistic computation-cryptography</subject><subject>Protocol</subject><subject>Public key</subject><subject>secrecy</subject><subject>Security management</subject><subject>simulatability</subject><subject>Studies</subject><issn>1545-5971</issn><issn>0361-1434</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2005</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><recordid>eNpd0MtLxDAQBvAgCq6Pmzcviwcv2nXymDQ5yvqEBUHXc8gm6dql29ake-h_b8sKgqcZhh8fw0fIBYUZpaDvlg8f8xkDwBnDAzKhWtAMgKrDYUeBGeqcHpOTlDYATCgtJuTmPVS2K-v1NPXbVVOVbmprP3Wxb7tmHW37NVxScDG4_owcFbZK4fx3npLPp8fl_CVbvD2_zu8XmeOUdxlKgSAceFS-yJW1HCFob1FTkKCckrgK3FkvpRJQ5AxEDjrnggrvvVT8lFzvc9vYfO9C6sy2TC5Ula1Ds0uGKdCMIg7w6h_cNLtYD78ZBhIZF4oN6HaPXGxSiqEwbSy3NvaGghlrM2NtZqzNsDHzcs_LEMIfFciRA_8BPCFmJg</recordid><startdate>20050401</startdate><enddate>20050401</enddate><creator>Backes, M.</creator><creator>Pfitzmann, B.</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>8AL</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>L.-</scope><scope>L6V</scope><scope>M0C</scope><scope>M0N</scope><scope>M7S</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>PYYUZ</scope><scope>Q9U</scope><scope>7SC</scope><scope>8FD</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20050401</creationdate><title>Relating symbolic and cryptographic secrecy</title><author>Backes, M. ; Pfitzmann, B.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c313t-564504c0d58df78aa350e9da5910608c865be3cad66840f720470973414ddd683</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2005</creationdate><topic>Algebra</topic><topic>Automation</topic><topic>Computational modeling</topic><topic>Cryptographic protocols</topic><topic>Cryptography</topic><topic>Cybersecurity</topic><topic>Dolev-Yao model</topic><topic>Equations</topic><topic>Humans</topic><topic>Index Terms- Relations between models</topic><topic>Joining processes</topic><topic>Knowledge</topic><topic>Libraries</topic><topic>Payloads</topic><topic>probabilistic computation-cryptography</topic><topic>Protocol</topic><topic>Public key</topic><topic>secrecy</topic><topic>Security management</topic><topic>simulatability</topic><topic>Studies</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Backes, M.</creatorcontrib><creatorcontrib>Pfitzmann, B.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ProQuest Engineering Collection</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Engineering Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>One Business (ProQuest)</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>ABI/INFORM Collection China</collection><collection>ProQuest Central Basic</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Backes, M.</au><au>Pfitzmann, B.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Relating symbolic and cryptographic secrecy</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2005-04-01</date><risdate>2005</risdate><volume>2</volume><issue>2</issue><spage>109</spage><epage>123</epage><pages>109-123</pages><issn>1545-5971</issn><issn>0361-1434</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract>We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire considered object into its knowledge set. Cryptographic secrecy essentially means computational indistinguishability between the real object and a random one, given the view of a much more general adversary. In spite of recent advances in linking symbolic and computational models of cryptography, no relation for secrecy under active attacks is known yet. For exchanged keys, we show that a certain strict symbolic secrecy definition over a specific Dolev-Yao-style cryptographic library implies cryptographic key secrecy for a real implementation of this cryptographic library. For payload messages, we present the first general cryptographic secrecy definition for a reactive scenario. The main challenge is to separate secrecy violations by the protocol under consideration from secrecy violations by the protocol users in a general way. For this definition, we show a general secrecy preservation theorem under reactive simulatability, the cryptographic notion of secure implementation. This theorem is of independent cryptographic interest. We then show that symbolic secrecy implies cryptographic payload secrecy for the same cryptographic library as used in key secrecy. Our results thus enable formal proof techniques to establish cryptographically sound proofs of secrecy for payload messages and exchanged keys.</abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2005.25</doi><tpages>15</tpages></addata></record>
fulltext	fulltext_linktorsrc
identifier	ISSN: 1545-5971
ispartof	IEEE transactions on dependable and secure computing, 2005-04, Vol.2 (2), p.109-123
issn	1545-5971 0361-1434 1941-0018
language	eng
recordid	cdi_ieee_primary_1453530
source	IEEE Electronic Library (IEL)
subjects	Algebra Automation Computational modeling Cryptographic protocols Cryptography Cybersecurity Dolev-Yao model Equations Humans Index Terms- Relations between models Joining processes Knowledge Libraries Payloads probabilistic computation-cryptography Protocol Public key secrecy Security management simulatability Studies
title	Relating symbolic and cryptographic secrecy
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T23%3A06%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Relating%20symbolic%20and%20cryptographic%20secrecy&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Backes,%20M.&rft.date=2005-04-01&rft.volume=2&rft.issue=2&rft.spage=109&rft.epage=123&rft.pages=109-123&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2005.25&rft_dat=%3Cproquest_RIE%3E1027254111%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=206523482&rft_id=info:pmid/&rft_ieee_id=1453530&rfr_iscdi=true