Universally composable symbolic analysis of mutual authentication and key-exchange protocols

Ran Canetti*, Jonathan Herzog

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

83 Scopus citations

Abstract

Symbolic analysis of cryptographic protocols is dramatically simpler than full-fledged cryptographic analysis. In particular, it is simple enough to be automated. However, symbolic analysis does not, by itself, provide any cryptographic soundness guarantees. Following recent work on cryptographically sound symbolic analysis, we demonstrate how Dolev-Yao style symbolic analysis can be used to assert the security of cryptographic protocols within the universally composable (UC) security framework. Consequently, our methods enable security analysis that is completely symbolic, and at the same time cryptographically sound with strong composability properties. More specifically, we concentrate on mutual authentication and key-exchange protocols. We restrict attention to protocols that use public-key encryption as their only cryptographic primitive and have a specific restricted format. We define a mapping from such protocols to Dolev-Yao style symbolic protocols, and show that the symbolic protocol satisfies a certain symbolic criterion if and only if the corresponding cryptographic protocol is UC-secure. For mutual authentication, our symbolic criterion is similar to the traditional Dolev-Yao criterion. For key exchange, we demonstrate that the traditional Dolev-Yao style symbolic criterion is insufficient, and formulate an adequate symbolic criterion. Finally, to demonstrate the viability of our treatment, we use an existing tool to automatically verify whether some prominent key-exchange protocols are UC-secure.

Original language: English
Title of host publication: Theory of Cryptography
Subtitle of host publication: Third Theory of Cryptography Conference, TCC 2006, Proceedings
Pages: 380-403
Number of pages: 24
State: Published - 2006
Externally published: Yes
Event: 3rd Theory of Cryptography Conference, TCC 2006 - New York, NY, United States
Duration: 4 Mar 2006 to 7 Mar 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3876 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 3rd Theory of Cryptography Conference, TCC 2006
Country/Territory: United States
City: New York, NY
Period: 4/03/06 to 7/03/06
