
Probabilistic Annotations for Protocol Models

Dedicated to Joshua Guttman

Chapter in:
Protocols, Strands, and Logic

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13066)


Abstract

We describe how a probabilistic Hoare logic with localities can be used for reasoning about security. As a proof-of-concept, we analyze Vernam and El-Gamal cryptosystems, prove the security properties that they do satisfy, and disprove those that they do not. We also consider a version of the Muddy Children puzzle, where children’s trust and noise are taken into account.

D. Pavlovic—Partially supported by NSF and AFOSR.


Notes

  1.

    There are, of course, many ways to go beyond the Dolev-Yao models and formalize probabilistic and computational reasoning in cryptography. One of the reviewers suggests that EasyCrypt [1] should be mentioned. The point here is, however, to extend the usual Floyd-Hoare annotations, which fit naturally with strand spaces, with probabilities.

  2.

    Two ensembles are computationally indistinguishable when their differences cannot be detected by polynomially bounded computations, e.g. because they occur only superpolynomially far down the strings of digits of their probabilities.

  3.

    We assume that the coin is fair. If it is biased, the argument goes through for any probability p instead of \(\frac{1}{2}\), provided that \(p \ne 0\) and \(p\ne 1\).

  4.

    Here we hide away some details. \(\mathbb {G}\) is usually taken to be a cyclic subgroup of the multiplicative group of a field \(\mathbb {Z}_p\). But while the reader familiar with the system, or a student of any cryptography textbook, will have no trouble recovering the details swept under the carpet, carrying them around here would distract from the main idea.

  5.

    It is required that the chance of \(\mathsf{DHd}\left( g^a, g^b, g^{ab}\right) = 1\) is feasibly distinguishable from \(\frac{1}{2}\), i.e. greater by a feasible function. It follows that the chance of \(\mathsf{DHd}\left( g^a, g^b, g^{d}\right) = 1\) for \(d\ne ab\) is also significantly smaller than \(\frac{1}{2}\) by a feasible function.

References

  1. Barthe, G., Dupressoir, F., Grégoire, B., Kunz, C., Schmidt, B., Strub, P.-Y.: EasyCrypt: a tutorial. In: Aldini, A., Lopez, J., Martinelli, F. (eds.) FOSAD 2012-2013. LNCS, vol. 8604, pp. 146–166. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10082-1_6

  2. Cervesato, I., Meadows, C., Pavlovic, D.: An encapsulated authentication logic for reasoning about key distribution protocols. In: Guttman, J. (ed.) Proceedings of CSFW 2005, pp. 48–61. IEEE (2005)

  3. Daston, L.: How probabilities came to be objective and subjective. Hist. Math. 21(3), 330–344 (1994)

  4. Datta, A., Derek, A., Mitchell, J., Pavlovic, D.: A derivation system and compositional logic for security protocols. J. Comput. Secur. 13, 423–482 (2005)

  5. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (1983)

  6. Durgin, N., Mitchell, J., Pavlovic, D.: A compositional logic for proving security properties of protocols. J. Comput. Secur. 11(4), 677–721 (2004)

  7. Durgin, N., Mitchell, J.C., Pavlovic, D.: A compositional logic for protocol correctness. In: Schneider, S. (ed.) Proceedings of CSFW 2001, pp. 241–255. IEEE (2001)

  8. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game, or: a completeness theorem for protocols with honest majority. In: Proceedings of STOC, New York, NY, USA. Association for Computing Machinery (1987)

  9. Guttman, J.D.: Shapes: surveying crypto protocol runs. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols, Volume 5 of Cryptology and Information Security Series, pp. 222–257. IOS Press (2011)

  10. Guttman, J.D.: State and progress in strand spaces: proving fair exchange. J. Autom. Reason. 48(2), 159–195 (2012)

  11. Guttman, J.D.: Establishing and preserving protocol security goals. J. Comput. Secur. 22(2), 203–267 (2014)

  12. Meadows, C., Pavlovic, D.: Deriving, attacking and defending the GDOI protocol. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 53–72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30108-0_4

  13. Pavlovic, D., Meadows, C.: Actor-network procedures. In: Ramanujam, R., Ramaswamy, S. (eds.) ICDCIT 2012. LNCS, vol. 7154, pp. 7–26. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28073-3_2, arXiv:1106.0706

  14. Ramsdell, J.D., Dougherty, D.J., Guttman, J.D., Rowe, P.D.: A hybrid analysis for security protocols with state. In: Albert, E., Sekerinski, E. (eds.) IFM 2014. LNCS, vol. 8739, pp. 272–287. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10181-1_17

  15. Thayer, F.J., Herzog, J.C., Guttman, J.D.: Honest ideals on strand spaces. In: Proceedings of the 11th CSFW, pp. 66–77. IEEE Computer Society (1998)

  16. Thayer, F.J., Herzog, J.C., Guttman, J.D.: Mixed strand spaces. In: Proceedings of the 12th CSFW, pp. 72–82. IEEE Computer Society (1999)

  17. Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: proving security protocols correct. J. Comput. Secur. 7(1), 191–230 (1999)

  18. Thayer, F.J., Swarup, V., Guttman, J.D.: Metric strand spaces for locale authentication protocols. In: Nishigaki, M., Jøsang, A., Murayama, Y., Marsh, S. (eds.) IFIPTM 2010. IAICT, vol. 321, pp. 79–94. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13446-3_6


Author information

Corresponding author: Dusko Pavlovic.


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this chapter

Pavlovic, D. (2021). Probabilistic Annotations for Protocol Models. In: Dougherty, D., Meseguer, J., Mödersheim, S.A., Rowe, P. (eds) Protocols, Strands, and Logic. Lecture Notes in Computer Science, vol. 13066. Springer, Cham. https://doi.org/10.1007/978-3-030-91631-2_18


  • DOI: https://doi.org/10.1007/978-3-030-91631-2_18


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91630-5

  • Online ISBN: 978-3-030-91631-2
