Introduction Using CryptoVerif Proof technique Example proof Conclusion

52 pages

English

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Introduction Using CryptoVerif Proof technique Example proof Conclusion

pefav - Bruno Blanchet

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

52 pages

English

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

A propos
Informations
Extrait

Description

Introduction Using CryptoVerif Proof technique Example proof Conclusion CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno Blanchet CNRS, Ecole Normale Superieure, INRIA, Paris May 2010 Bruno Blanchet (CNRS, ENS, INRIA) CryptoVerif May 2010 1 / 47

cryptographic primitives

cryptoverif proof technique

proofs can

bitstrings cryptographic primitives

approach allows

direct approach

dolev-yao model

automatic proof

Sujets

Blanchet

Dolev-Yao model

Informations

Publié par	pefav
Nombre de lectures	23
Langue	English

Extrait

IntroductionUsignrCpyoteVirPforteofnicheEqumpxarpelCfoolcnooisunBoalrBnuNS,IRS,Et(CNnchefireVotpyrC)AIRN

Bruno Blanchet

May 2010

CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols

´ CNRS,EcoleNormaleSupe´rieure,INRIA,Paris

7/40101y2Ma

tnIpyoteVirPforfoetroductionUsingCrlcnoCfoonoisueEqunichprlempxa)ArCpyoteVirMfyaet(CNRS,ENS,INRIurBlBonhcna

Two models for security protocols: Computational model: messages are bitstrings cryptographic primitives are functions from bitstrings to bitstrings the adversary is a probabilistic polynomial-time Turing machine Proofs are done manually. Formal model(so-called “Dolev-Yao model”): cryptographic primitives are ideal blackboxes messages are terms built from the cryptographic primitives the adversary is restricted to use only the primitives Proofs can be done automatically. Our goal: achieveautomatic provabilityunder the realisticcomputational assumptions.

Introduction

74/20102

ofConcluampleproisnoCNt(,ERS,INSIANRnurBalBoehcn0103/47

Introduction

Two approaches for the automatic proof of cryptographic protocols in a computational model: Indirect approach: 1) Make a Dolev-Yao proof. 2) Use a theorem that shows the soundness of the Dolev-Yao approach with respect to the computational model. Pioneered by Abadi and Rogaway; pursued by many others. Direct approach: Design automatic tools for proving protocols in a computational model. Approach pioneered by Laud.

C)yrtpVorefiaM2yhniqueExProoftectpVorefisUniCgyrucodontitrIn

,SNE,SNIIR)ArCpyrunoBlanchet(CNR

Advantages and drawbacks

The indirect approach allows more reuse of previous work, but it has limitations: Hypotheseshave to be added to make sure that the computational and Dolev-Yao models coincide. Theallowed cryptographic primitivesare often limited, and only ideal, not very practical primitives can be used. Using the Dolev-Yao model is actually a (big)detour; The computational deﬁnitions of primitives ﬁt the computational security properties to prove. They do not ﬁt the Dolev-Yao model. We decided to focus on the direct approach.

VetofMri20ay4/10trodInonUsuctisiluncCoofroepplnoifProVerryptingCxEmaqieucenhootfB

echniqueifProoftyrtpVorenosUniCgsiluonfoorcnoCmaxEpelpnIitcudortrBcnalBonu01y2/405

An automatic prover

We have implemented anautomatic prover: provessecrecyandcorrespondenceproperties. provides agenericmethod for specifying properties of cryptographic primitiveswhich handles symmetric encryption, MACs, public-key encryption, signatures, hash functions, CDH, DDH, . . . works forNsessions(polynomial in the security parameter), with an active adversary. gives a bound on theprobabilityof an attack (exact security).