Niveau: Supérieur, Doctorat, Bac+8
Computationally Sound Mechanized Proofs of Correspondence Assertions Bruno Blanchet CNRS, Ecole Normale Superieure, Paris Abstract We present a new mechanized prover for showing cor- respondence assertions for cryptographic protocols in the computational model. Correspondence assertions are use- ful in particular for establishing authentication. Our tech- nique produces proofs by sequences of games, as standard in cryptography. These proofs are valid for a number of ses- sions polynomial in the security parameter, in the presence of an active adversary. Our technique can handle a wide variety of cryptographic primitives, including shared- and public-key encryption, signatures, message authentication codes, and hash functions. It has been implemented in the tool CryptoVerif and successfully tested on examples from the literature. 1. Introduction Correspondence assertions on cryptographic protocols are properties of the form “if some events have been exe- cuted, then some other events have been executed”, where each event corresponds to a certain point in the protocol, possibly with arguments. An event can be formalized by a special instruction event e(M1, . . . ,Mm), which sim- ply records that the event e(M1, . . . ,Mm) has been exe- cuted. Woo and Lam [61] introduced correspondence as- sertions to express the authentication properties of cryp- tographic protocols, such as “if B terminates a run of the protocol, apparently with A, then A has started a run of the protocol, apparently with B.
- has been
- probability can
- true ?
- cryptographic protocols
- allowed cryptographic primitives
- protocols using
- arrays come
- key exchange
- built based