Adaptive Security of Symbolic Encryption

  • Daniele Micciancio
  • Saurabh Panjwani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


We prove a computational soundness theorem for the symbolic analysis of cryptographic protocols which extends an analogous theorem of Abadi and Rogaway (J. of Cryptology 15(2):103–127, 2002) to a scenario where the adversary gets to see the encryption of a sequence of adaptively chosen symbolic expressions. The extension of the theorem of Abadi and Rogaway to such an adaptive scenario is nontrivial, and raises issues related to the classic problem of selective decommitment, which do not appear in the original formulation of the theorem.

Although the theorem of Abadi and Rogaway applies only to passive adversaries, our extension to adaptive attacks makes it substantially stronger, and powerful enough to analyze the security of cryptographic protocols of practical interest. We exemplify the use of our soundness theorem in the analysis of group key distribution protocols like those that arise in multicast and broadcast applications. Specifically, we provide cryptographic definitions of security for multicast key distribution protocols both in the symbolic as well as the computational framework and use our theorem to prove soundness of the symbolic definition.


Symbolic encryption adaptive adversaries soundness theorem formal methods for security protocols 


  1. 1.
    Abadi, M., Jürjens, J.: Formal eavesdropping and its computational interpretation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 82–94. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology 15(2), 103–127 (2002)zbMATHMathSciNetGoogle Scholar
  3. 3.
    Backes, M., Pfitzmann, B.: Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In: Proceedings of the 17th IEEE computer security foundations Workshop, Pacific Grove, CA, USA, June 2004, pp. 204–218. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  4. 4.
    Backes, M., Pfitzmann, B., Waidner, M.: A Composable Cryptographic Library with Nested Operations. In: Proceedings of the 10th ACM conference on computer and communications security - CCS 2003, Washington, DC, USA, October 2003, pp. 220–230. ACM, New York (2003)CrossRefGoogle Scholar
  5. 5.
    Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively Secure Multiparty Computation. In: Proceedings of the twenty-eighth annual ACM symposium on the theory of computing - STOC 1996, Philadelphia, Pennsylvania, USA, May 1996, pp. 639–648. ACM, New York (1996)CrossRefGoogle Scholar
  6. 6.
    Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast security: A taxonomy and some efficient constructions. In: INFOCOM 1999. Proceedings of the Eighteenth Annual Joint conference of the IEEE computer and communications societies, New York, NY, March 1999, vol. 2, pp. 708–716. IEEE, Los Alamitos (1999)Google Scholar
  7. 7.
    Canetti, R., Malkin, T., Nissim, K.: Efficient communication-storage tradeoffs for multicast encryption. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 459. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Dolev, D., Dwork, C., Naor, M.: Nonmalleable Cyptography. SIAM Journal on Computing 30(2), 391–437 (2000); Preliminary version in STOC 1991zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic Functions. Journal of the ACM 50(6), 852–921 (2003)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Gligor, V., Horvitz, D.O.: Weak Key Authenticity and the Computational Completeness of Formal Encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 530–547. Springer, Heidelberg (2003)Google Scholar
  11. 11.
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sience 28(2), 270–299 (1984); Preliminary version in Proc. of STOC 1982zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Herzog, J.C.: Computational Soundness for Standard Assumptions of Formal Cryptography. PhD thesis, Massachusetts Institute of Technology, Boston, USA (2004)Google Scholar
  13. 13.
    Impagliazzo, R., Kapron, B.: Logics for Reasoning about Cryptographic Constructions. In: Proceedings of the 44rd annual symposium on foundations of computer science - FOCS 2003, Cambridge, MA, USA, November 2003, pp. 372–383. IEEE, Los Alamitos (2003)CrossRefGoogle Scholar
  14. 14.
    Laud, P.: Symmetric Encryption in Automatic Analyses for Confidentiality against Active Adversaries. In: IEEE symposium on security and Privacy, Berkeley, CA, USA, May 2004, pp. 71–85. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  15. 15.
    Lincoln, P.D., Mitchell, J.C., Mitchell, M., Scedrov, A.: A probabilistic poly-time framework for protocol analysis. In: Proceedings of the fifth ACM conference on computer and communications security - CCS 1998, San Francisco, California, USA, November 1998, pp. 112–121. ACM, New York (1998)CrossRefGoogle Scholar
  16. 16.
    Micciancio, D.: Towards Computationally Sound Symbolic Security Analysis (June 2004), Tutorial. Slides available at
  17. 17.
    Micciancio, D., Panjwani, S.: Adaptive Security of Symbolic Encryption (November 2004), Full version of this paper. Available from
  18. 18.
    Micciancio, D., Panjwani, S.: Optimal communication complexity of generic multicast key distributio. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 153–170. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Micciancio, D., Warinschi, B.: Completeness theorems for the abadi-rogaway logic of encrypted expressions. Journal of Computer Security 12(1), 99–129 (2004); Preliminary version in WITS 2002Google Scholar
  20. 20.
    Micciancio, D., Warinschi, B.: Soundness of Formal Encryption in the presence of Active Adversaries. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 133–151. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  22. 22.
    Rafaeli, S., Hutchinson, D.: A survey of key management for secure group communication. ACM Computing Surveys 35(3), 309–329 (2003)CrossRefGoogle Scholar
  23. 23.
    Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Transactions on Networking 8(1), 16–30 (2000); Preliminary version in SIGCOMM 1998CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Daniele Micciancio
    • 1
  • Saurabh Panjwani
    • 1
  1. 1.University of CaliforniaSan Diego, La JollaUSA

Personalised recommendations