DOI: 10.1145/2508859.2516663
Fully automated analysis of padding-based encryption in the computational model

Published: 04 November 2013

Abstract

Computer-aided verification provides effective means of analyzing the security of cryptographic primitives. However, it has remained a challenge to achieve fully automated analyses yielding guarantees that hold against computational (rather than symbolic) attacks. This paper meets this challenge for public-key encryption schemes built from trapdoor permutations and hash functions. Using a novel combination of techniques from computational and symbolic cryptography, we present proof systems for analyzing the chosen-plaintext and chosen-ciphertext security of such schemes in the random oracle model. Building on these proof systems, we develop a toolset that bundles together fully automated proof and attack finding algorithms. We use this toolset to build a comprehensive database of encryption schemes that records attacks against insecure schemes, and proofs with concrete bounds for secure ones.
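The abstract describes schemes built from a trapdoor permutation and hash functions, and a toolset that finds attacks against insecure ones. The following is an added illustration of the attack-finding side only; it is not the paper's toolset, and the term language (atoms m and r; public-direction trapdoor permutation f; random oracles H and G; xor; concatenation) and the two attack shapes it checks are simplifications chosen for this example. It computes a Dolev-Yao style closure of what the adversary can derive from a ciphertext, with xor cancellation, and reports either outright message recovery or a re-encryption attack (guess m, recover r, recompute the ciphertext and compare). The four sample schemes are constructed here and are not drawn from the paper's database. A verdict of "no attack" from this code is not a proof of security; the paper's proof system is what produces proofs and concrete bounds.

```python
"""Toy symbolic attack finder for padding-based public-key encryption.

A scheme is a term over the message m, fresh randomness r, a trapdoor
permutation f (public direction only), random oracles H and G, xor and
concatenation.  The adversary knows the ciphertext and the public key,
so it can apply f, H and G itself, split concatenations, and xor known
values (x ^ x = 0 cancels).  This is an illustration, not the paper's tool.
"""
from itertools import combinations

m, r = 'm', 'r'                        # atoms: challenge message, randomness

def H(t): return ('H', t)               # random oracle H
def G(t): return ('G', t)               # random oracle G
def f(t): return ('f', t)               # trapdoor permutation, public direction
def cat(a, b): return ('cat', a, b)     # concatenation a || b

def xor(*terms):
    """Represent xor as a set of non-xor terms mod 2, so equal operands cancel."""
    acc = set()
    for t in terms:
        acc ^= set(t) if isinstance(t, frozenset) else {t}
    return next(iter(acc)) if len(acc) == 1 else frozenset(acc)

def subterms(t):
    out = {t}
    children = t if isinstance(t, frozenset) else (t[1:] if isinstance(t, tuple) else ())
    for c in children:
        out |= subterms(c)
    return out

def deducible(initial, scheme):
    """Closure of the adversary's knowledge under public operations,
    restricted to subterms of the scheme so the search is finite."""
    relevant = subterms(scheme)
    known = set(initial)
    while True:
        new = set()
        for t in known:
            if isinstance(t, tuple) and t[0] == 'cat':
                new.update(t[1:])                      # split a || b
            for op in (H, G, f):
                if op(t) in relevant:
                    new.add(op(t))                     # apply a public function
        for a, b in combinations(known, 2):
            x = xor(a, b)                              # xor two known values
            if x and (x in relevant or not isinstance(x, frozenset)):
                new.add(x)
        if new <= known:
            return known
        known |= new

def find_attack(scheme):
    """Return a description of the first attack shape found, or None."""
    if m in deducible({scheme}, scheme):
        return 'message recovery: m is computable from the ciphertext'
    if r in deducible({scheme, m}, scheme):
        return 're-encryption: guess m, recover r, recompute the ciphertext and compare'
    return None

# Constructed sample schemes (assumed for this example, not the paper's database)
SCHEMES = {
    'f(r) || m xor H(r)':                 cat(f(r), xor(m, H(r))),
    'r || f(m xor H(r))':                 cat(r, f(xor(m, H(r)))),
    'f(r) || m xor H(f(r))':              cat(f(r), xor(m, H(f(r)))),
    'f(s || r xor H(s)), s = m xor G(r)': f(cat(xor(m, G(r)), xor(r, H(xor(m, G(r)))))),
}

def analyse(schemes=SCHEMES):
    return {name: find_attack(t) for name, t in schemes.items()}

if __name__ == '__main__':
    for name, verdict in analyse().items():
        print(f'{name:40} -> {verdict or "no attack of these two shapes found"}')
```

The first scheme (the basic Bellare-Rogaway construction, reference style f(r) || m xor H(r)) and the OAEP-shaped one come back clean; leaking r next to the ciphertext, or hashing the public value f(r) instead of r, is caught because r or m becomes deducible. Real schemes also fail in ways this closure cannot see (malleability under chosen-ciphertext attack, for instance), which is why the paper pairs attack finding with a proof system rather than relying on the absence of symbolic attacks.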



Published In

cover image ACM Conferences
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. attack finding
  2. automated proofs
  3. provable security
  4. public-key encryption
  5. static equivalence

Qualifiers

  • Research-article

Conference

CCS'13
Acceptance Rates

CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) Block Ciphers in Idealized Models: Automated Proofs and New Security Results. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pp. 2771-2785. DOI: 10.1145/3658644.3690222. Online: 2 Dec 2024.
  • (2024) GAuV: A Graph-Based Automated Verification Framework for Perfect Semi-Honest Security of Multiparty Computation Protocols. 2024 IEEE Symposium on Security and Privacy (SP), pp. 484-502. DOI: 10.1109/SP54263.2024.00131. Online: 19 May 2024.
  • (2024) Formal Verification of Cryptosystems. Encyclopedia of Cryptography, Security and Privacy, pp. 5-8. DOI: 10.1007/978-3-642-27739-9_1673-1. Online: 4 Jul 2024.
  • (2023) SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq. ACM Transactions on Programming Languages and Systems 45(3), pp. 1-61. DOI: 10.1145/3594735. Online: 20 Jul 2023.
  • (2022) CryptoSolve: Towards a Tool for the Symbolic Analysis of Cryptographic Algorithms. Electronic Proceedings in Theoretical Computer Science 370, pp. 147-161. DOI: 10.4204/EPTCS.370.10. Online: 20 Sep 2022.
  • (2022) Symbolic Synthesis of Indifferentiability Attacks. Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security, pp. 667-681. DOI: 10.1145/3488932.3497759. Online: 30 May 2022.
  • (2021) Decidability of a Sound Set of Inference Rules for Computational Indistinguishability. ACM Transactions on Computational Logic 22(1), pp. 1-44. DOI: 10.1145/3423169. Online: 19 Jan 2021.
  • (2021) SoK: Computer-Aided Cryptography. 2021 IEEE Symposium on Security and Privacy (SP), pp. 777-795. DOI: 10.1109/SP40001.2021.00008. Online: May 2021.
  • (2021) SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq. 2021 IEEE 34th Computer Security Foundations Symposium (CSF), pp. 1-15. DOI: 10.1109/CSF51468.2021.00048. Online: Jun 2021.
  • (2021) Moving the Bar on Computationally Sound Exclusive-Or. Computer Security – ESORICS 2021, pp. 275-295. DOI: 10.1007/978-3-030-88428-4_14. Online: 2 Oct 2021.
