Weak Key Authenticity and the Computational Completeness of Formal Encryption
A significant effort has recently been made to rigorously relate the formal treatment of cryptography with the computational one. A first substantial step in this direction was taken by Abadi and Rogaway [AR02]. Considering a formal language that treats symmetric encryption, [AR02] show that an associated formal semantics is sound with respect to an associated computational semantics, under a particular, sufficient, condition on the computational encryption scheme. In this paper, we give a necessary and sufficient condition for completeness, tightly characterizing this aspect of the exposition. Our condition involves the ability to distinguish a ciphertext and the key it was encrypted with, from a ciphertext and a random key. It is shown to be strictly weaker than a previously suggested condition for completeness (confusion-freedom of Micciancio and Warinschi [MW02]), and should be of independent interest.
Keywords: Cryptography, Encryption, Authentication, Formal Reasoning, Completeness, Weak Key Authenticity
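The condition stated in the abstract, telling a ciphertext paired with its own key apart from a ciphertext paired with a random key, can be pictured as a distinguishing game. The Python sketch below is an added illustration, not code or a definition from the paper: the toy stream cipher, its HMAC-tagged variant, the uniformly random message distribution and all function names are assumptions made here.

```python
import hashlib, hmac, os

def _sub(key, label):
    # Derive independent subkeys from one key (toy KDF, assumption of this example).
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as a toy stream cipher (illustration only).
    ks = b"".join(hashlib.sha256(_sub(key, b"enc") + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def enc_plain(key, msg):
    # No redundancy: every key decrypts every ciphertext to some plaintext.
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, msg)

def dec_plain(key, ct):
    return _xor_stream(key, ct[:16], ct[16:])

def enc_tagged(key, msg):
    # Same cipher with an HMAC tag over the ciphertext body.
    body = enc_plain(key, msg)
    return body + hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()

def d_low_bit(ct, key):
    # Sample distinguisher for enc_plain: decrypt and look at one plaintext bit.
    return dec_plain(key, ct)[0] & 1

def d_tag(ct, key):
    # Distinguisher for enc_tagged: does the tag verify under the offered key?
    expect = hmac.new(_sub(key, b"mac"), ct[:-32], hashlib.sha256).digest()
    return int(hmac.compare_digest(ct[-32:], expect))

def advantage(enc, distinguisher, trials=500):
    # Estimates Pr[D(c, k) = 1] - Pr[D(c, k') = 1], where c = enc(k, m),
    # k' is a fresh random key and m is uniformly random (assumed distribution).
    real = rand = 0
    for _ in range(trials):
        k, k2, m = os.urandom(16), os.urandom(16), os.urandom(32)
        c = enc(k, m)
        real += distinguisher(c, k)
        rand += distinguisher(c, k2)
    return (real - rand) / trials

if __name__ == "__main__":
    print("plain :", advantage(enc_plain, d_low_bit))   # close to 0
    print("tagged:", advantage(enc_tagged, d_tag))      # close to 1
```

With uniformly random messages the bare stream cipher's ciphertext is independent of the key, so the pair cannot be told apart, while the tagged variant gives the distinguisher an advantage near 1.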
- [AR02] Abadi, M., Rogaway, P.: Reconciling Two Views of Cryptography (the computational soundness of formal encryption). Journal of Cryptology 15(2), 103–128 (2000); also in Watanabe, O., Hagiya, M., Ito, T., van Leeuwen, J., Mosses, P.D. (eds.) TCS 2000. LNCS, vol. 1872, pp. 3–22. Springer, Heidelberg (2000)
- [BD97] Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation. In: Proceedings of the 38th Annual Symposium on Foundations of Computer Science, FOCS 1997 (1997)
- [BN00] Bellare, M., Namprempre, C.: Authenticated Encryption: Relations Among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 541–545. Springer, Heidelberg (2000)
- [MW02] Micciancio, D., Warinschi, B.: Completeness Theorems for the Abadi-Rogaway Language of Encrypted Expressions. In: Journal of Computer Security (to appear); also in Proceedings of the Workshop on Issues in the Theory of Security (2002)