Computationally Sound Symbolic Secrecy in the Presence of Hash Functions

  • Véronique Cortier
  • Steve Kremer
  • Ralf Küsters
  • Bogdan Warinschi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4337)


The standard symbolic, deducibility-based notions of secrecy are in general insufficient from a cryptographic point of view, especially in presence of hash functions. In this paper we devise and motivate a more appropriate secrecy criterion which exactly captures a standard cryptographic notion of secrecy for protocols involving public-key enryption and hash functions: protocols that satisfy it are computationally secure while any violation of our criterion directly leads to an attack. Furthermore, we prove that our criterion is decidable via an NP decision procedure. Our results hold for standard security notions for encryption and hash functions modeled as random oracles.


Hash Function Random Oracle Constraint System Symbolic Execution Honest Party 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography. In: Watanabe, O., Hagiya, M., Ito, T., van Leeuwen, J., Mosses, P.D. (eds.) TCS 2000. LNCS, vol. 1872, pp. 3–22. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Backes, M., Christian Jacobi, I.: Cryptographically sound and machine-assisted verification of security protocols. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 675–686. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Backes, M., Pfitzmann, B.: Relating cryptographic und symbolic key secrecy. In: Proc. 26th IEEE Symposium on Security and Privacy (SSP 2005), pp. 171–182 (2005)Google Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proc. 14th IEEE Computer Security Foundations Workshop (CSFW 2001), pp. 82–96 (2001)Google Scholar
  7. 7.
    Canetti, R., Herzog, J.: Soundness of formal encryption in the presence of active adversaries. In: TCC 2006. LNCS. Springer, Heidelberg (2006)Google Scholar
  8. 8.
    Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: LICS 2003, pp. 271–280 (2003)Google Scholar
  9. 9.
    Cortier, V., Kremer, S., Küsters, R., Warinschi, B.: Computationally sound symbolic secrecy in the presence of hash functions. Research Report, 2006/218, Cryptology ePrint Archive, 31 pages (June 2006)Google Scholar
  10. 10.
    Cortier, V., Warinschi, B.: Computationally Sound, Automated Proofs for Security Protocols. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 157–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)MATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Gupta, P., Shmatikov, V.: Towards computationally sound symbolic analysis of key exchange protocols. In: FMSE 2005, pp. 23–32 (2005)Google Scholar
  13. 13.
    Janvier, R., Lakhnech, Y., Mazaré, L.: Computational soundness of symbolic analysis for protocols using hash functions. In: ICS 2006 (to appear, 2006)Google Scholar
  14. 14.
    Micciancio, D., Warinschi, B.: Soundness of formal encryption in the presence of active adversaries. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 133–151. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: CCS 2001, pp. 166–175 (2001)Google Scholar
  16. 16.
    Rusinowitch, M., Turuani, M.: Protocol Insecurity with Finite Number of Sessions and Composed Keys is NP-complete. Theoretical Computer Science 299, 451–475 (2003)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Véronique Cortier
    • 1
  • Steve Kremer
    • 2
  • Ralf Küsters
    • 3
  • Bogdan Warinschi
    • 4
  1. 1.Loria, CNRS & INRIA project CassisFrance
  2. 2.LSV, CNRS & ENS Cachan & INRIA project SecsiFrance
  3. 3.ETH ZurichSwitzerland
  4. 4.Loria, Univerité Henri Poincaré & INRIA project CassisFrance

Personalised recommendations