Formal Eavesdropping and Its Computational Interpretation

  • Martín Abadi
  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2215)


We compare two views of symmetric cryptographic primitives in the context of the systems that use them. We express those systems in a simple programming language; each of the views yields a semantics for the language. One of the semantics treats cryptographic operations formally (that is, symbolically). The other semantics is more detailed and computational; it treats cryptographic operations as functions on bitstrings. Each semantics leads to a definition of equivalence of systems with respect to eavesdroppers. We establish the soundness of the formal definition with respect to the computational one. This result provides a precise computational justification for formal reasoning about security against eavesdroppers.


Encryption Scheme Choice Function Security Parameter Cryptographic Protocol Formal Reasoning 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The spi calculus. Information and Computation, 148(1):1–70, January 1999. An extended version appeared as Digital Equipment Corporation Systems Research Center report No. 149, January 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Martín Abadi and Jan Jürjens. Formal eavesdropping and its computational interpretation, 2001. Longer version of this paper, available at
  3. 3.
    Martín Abadi and Phillip Rogaway. Reconciling two views of cryptography (The computational soundness of formal encryption). In Proceedings of the First IFIP International Conference on Theoretical Computer Science, volume 1872 of Lecture Notes in Computer Science, pages 3–22. Springer-Verlag, August 2000.Google Scholar
  4. 4.
    Mihir Bellare, Anand Desai, Eron Jokipii, and Phillip Rogaway. A concrete security treatment of symmetric encryption: analysis of the DES modes of operation. In Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS 97), pages 394–403, 1997.Google Scholar
  5. 5.
    Mihir Bellare and Phillip Rogaway. Entity authentication and key distribution. In Advances in Cryptology-CRYPTO’ 94, volume 773 of Lecture Notes in Computer Science, pages 232–249. Springer-Verlag, 1993.Google Scholar
  6. 6.
    Steven M. Bellovin. Problem areas for the IP security protocols. In Proceedings of the Sixth Usenix Unix Security Symposium, pages 1–16, July 1996.Google Scholar
  7. 7.
    Manuel Blum and Silvio Micali. How to generate cryptographically strong sequences of pseudo random bits. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science (FOCS 82), pages 112–117, 1982.Google Scholar
  8. 8.
    Danny Dolev and Andrew C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(12):198–208, March 1983.CrossRefMathSciNetGoogle Scholar
  9. 9.
    Marc Fischlin. Pseudorandom function tribe ensembles based on one-way permutations: Improvements and applications. In Advances in Cryptology-Eurocrypt’ 99, volume 1592 of Lecture Notes in Computer Science, pages 429–444. Springer-Verlag, 1999.Google Scholar
  10. 10.
    Oded Goldreich, Silvio Micali, and Avi Wigderson. How to play any mental game. In Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pages 218–229, 1987.Google Scholar
  11. 11.
    S. Goldwasser and M. Bellare. Lecture notes on cryptography, 1999.Google Scholar
  12. 12.
    Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299, April 1984.zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Shafi Goldwasser, Silvio Micali, and Ronald Rivest. A digital signature scheme secure against adaptive chosen-message attack. SIAM Journal on Computing, 17:281–308, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Jan Jürjens. Composability of secrecy. In International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM 2001), volume 2052 of Lecture Notes in Computer Science, pages 28–38. Springer-Verlag, 2001.Google Scholar
  15. 15.
    Jan Jürjens. Secrecy-preserving refinement. In J. Fiadeiro and P. Zave, editors, Formal Methods Europe, volume 2021 of Lecture Notes in Computer Science, pages 135–152. Springer-Verlag, 2001.Google Scholar
  16. 16.
    R. Kemmerer, C. Meadows, and J. Millen. Three system for cryptographic protocol analysis. Journal of Cryptology, 7(2):79–130, Spring 1994.zbMATHCrossRefGoogle Scholar
  17. 17.
    P. Lincoln, J. Mitchell, M. Mitchell, and A. Scedrov. A probabilistic poly-time framework for protocol analysis. In Proceedings of the Fifth ACM Conference on Computer and Communications Security, pages 112–121, 1998.Google Scholar
  18. 18.
    Gavin Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of Lecture Notes in Computer Science, pages 147–166. Springer-Verlag, 1996.Google Scholar
  19. 19.
    A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.Google Scholar
  20. 20.
    Robin Milner. Communicating and Mobile Systems: the π-Calculus. Cambridge University Press, 1999.Google Scholar
  21. 21.
    John C. Mitchell. Foundations for Programming Languages. MIT Press, 1996.Google Scholar
  22. 22.
    Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1-2):85–128, 1998.Google Scholar
  23. 23.
    Birgit Pfitzmann, Matthias Schunter, and Michael Waidner. Cryptographic security of reactive systems (extended abstract). Electronic Notes in Theoretical Computer Science, 32, April 2000.Google Scholar
  24. 24.
    Birgit Pfitzmann and Michael Waidner. Composition and integrity preservation of secure reactive systems. In Proceedings of the 7th ACM Conference on Computer and Communications Security, pages 245–254, November 2000.Google Scholar
  25. 25.
    Birgit Pfitzmann and Michael Waidner. A model for asynchronous reactive systems and its application to secure message transmission. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, pages 184–200, May 2001.Google Scholar
  26. 26.
    Andrew C. Yao. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science (FOCS 82), pages 80–91, 1982.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Martín Abadi
  • Jan Jürjens

There are no affiliations available

Personalised recommendations