Relating two standard notions of secrecy

Relating two standard notions of secrecy. Véronique Cortier, Michael Rusinowitch, and Eugen Zalinescu. Logical Methods in Computer Science, 3(3), July 2007.

Download

[PDF] [HTML] 

Abstract

Two styles of definitions are usually considered to express that a security protocol preserves the confidentiality of a data s. Reachability-based secrecy means that s should never be disclosed while equivalence-based secrecy states that two executions of a protocol with distinct instances for s should be indistinguishable to an attacker. Although the second formulation ensures a higher level of security and is closer to cryptographic notions of secrecy, decidability results and automatic tools have mainly focused on the first definition so far. This paper initiates a systematic investigation of the situations where syntactic secrecy entails strong secrecy. We show that in the passive case, reachability-based secrecy actually implies equivalence-based secrecy for digital signatures, symmetric and asymmetric encryption provided that the primitives are probabilistic. For active adversaries, we provide sufficient (and rather tight) conditions on the protocol for this implication to hold.

BibTeX

@Article{CRZ-LMCS07,
  author = 	 {V\'eronique Cortier and Michael Rusinowitch and Eugen Zalinescu},
  title = 	 {Relating two standard notions of secrecy},
  journal = 	 {Logical Methods in Computer Science},
  year = 	 {2007},
  volume = 	 {3},
  number = 	 {3},
  month = 	 {July},
abstract = {Two styles of definitions are usually considered to express 
that a security protocol preserves the confidentiality of a data s. 
Reachability-based secrecy means that s should never be disclosed while 
equivalence-based secrecy states that two executions of a protocol with 
distinct instances for s should be indistinguishable to an attacker. 
Although the second formulation ensures a higher level of security and 
is closer to cryptographic notions of secrecy, decidability results and 
automatic tools have mainly focused on the first definition so far. 
This paper initiates a systematic investigation of the situations where 
syntactic secrecy entails strong secrecy. We show that in the passive 
case, reachability-based secrecy actually implies equivalence-based 
secrecy for digital signatures, symmetric and asymmetric encryption 
provided that the primitives are probabilistic. For active adversaries, 
we provide sufficient (and rather tight) conditions on the protocol for 
this implication to hold.},
DOI = {10.2168/LMCS-3(3:2)2007},
}

Parts of this page have been generated by bib2html.pl (written by Patrick Riley ) on Tue Feb 13, 2024 14:48:49