Implementing Cryptographic Primitives in the Symbolic Model

  • Peeter Laud
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6617)


When discussing protocol properties in the symbolic (Dolev-Yao; term-based) model of cryptography, the set of cryptographic primitives is defined by the constructors of the term algebra and by the equational theory on top of it. The set of considered primitives is not easily modifiable during the discussion. In particular, it is unclear what it means to define a new primitive from the existing ones, or why a primitive in the considered set may be unnecessary because it can be modeled using other primitives. This is in stark contrast to the computational model of cryptography where the constructions and relationships between primitives are at the very foundation of the theory. In this paper, we explore how a primitive may be constructed from other primitives in the symbolic model, such that no protocol breaks if an atomic primitive is replaced by the construction. As an example, we show the construction of (symbolic) “randomized” symmetric encryption from (symbolic) one-way functions and exclusive or.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, Edinburgh, United Kingdom, July 17-19. IEEE Computer Society, Los Alamitos (2010)Google Scholar
  2. 2.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL, pp. 104–115 (2001)Google Scholar
  3. 3.
    Aceto, L., Hennessy, M.: Towards action-refinement in process algebras. Inf. Comput. 103(2), 204–269 (1993)CrossRefMATHGoogle Scholar
  4. 4.
    Backes, M., Pfitzmann, B., Waidner, M.: A Universally Composable Cryptographic Library. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC. ACM Press, New York (2003); Extended version available as Report 2003/015 of Cryptology ePrint ArchiveGoogle Scholar
  5. 5.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  6. 6.
    Blanchet, B., Podelski, A.: Verification of Cryptographic Protocols: Tagging Enforces Termination. In: Gordon, A.D. (ed.) FOSSACS 2003. LNCS, vol. 2620, pp. 136–152. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS, pp. 136–145 (2001)Google Scholar
  8. 8.
    Ciobâca, S., Cortier, V.: Protocol composition for arbitrary primitives. In: CSF [1], pp. 322–336Google Scholar
  9. 9.
    Delaune, S., Kremer, S., Pereira, O.: Simulation based security in the applied pi calculus. In: Kannan, R., Kumar, K.N. (eds.) FSTTCS. LIPIcs, vol. 4, pp. 169–180. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik (2009)Google Scholar
  10. 10.
    Dolev, D., Yao, A.C.-C.: On the Security of Public Key Protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)CrossRefMATHGoogle Scholar
  11. 11.
    Dworkin, M.: Recommendation for Block Cipher Modes of Operation. NIST Special Publication 800-38A (2001)Google Scholar
  12. 12.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)CrossRefMATHGoogle Scholar
  13. 13.
    Muñiz, M.G., Laud, P.: On the (Im)possibility of Perennial Message Recognition Protocols without Public-Key Cryptography. In: 26th ACM Symposium On Applied Computing, vol. 2, pp. 1515–1520 (March 2011)Google Scholar
  14. 14.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)CrossRefMATHGoogle Scholar
  15. 15.
    Maurer, U.M., Renner, R., Holenstein, C.: Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Milner, R.: Functions as processes. Mathematical Structures in Computer Science 2(2), 119–141 (1992)CrossRefMATHGoogle Scholar
  17. 17.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, pp. 184–200 (2001)Google Scholar
  18. 18.
    Reeves, S., Streader, D.: Comparison of Data and Process Refinement. In: Dong, J.S., Woodcock, J. (eds.) ICFEM 2003. LNCS, vol. 2885, pp. 266–285. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Roggenbach, M.: CSP-CASL - a new integration of process algebra and algebraic specification. Theor. Comput. Sci. 354(1), 42–71 (2006)CrossRefMATHGoogle Scholar
  20. 20.
    Ryan, M.D., Smyth, B.: Applied pi calculus. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols. IOS Press, Amsterdam (2010)Google Scholar
  21. 21.
    Yao, A.C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, pp. 80–91. IEEE Computer Society Press, Los Alamitos (1982)Google Scholar
  22. 22.
    Yilek, S.: Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 41–56. Springer, Heidelberg (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Peeter Laud
    • 1
  1. 1.Cybernetica AS and Tartu UniversityEstonia

Personalised recommendations