Adaptive Security of Symbolic Encryption

Authors: Daniele Micciancio and Saurabh Panjwani.

Theory of cryptography Conference - TCC 2005. Cambridge, MA, USA. February 2005. LNCS 3378, Springer, pp. 169-187.

[BibTex] [Postscript] [PDF]


Abstract: We prove a computational soundness theorem for the symbolic analysis of cryptographic protocols which extends an analogoustheorem of Abadi and Rogaway (J. of Cryptology 15(2):103--127, 2002) to a scenario where the adversary gets to see the encryption of a sequence of adaptively chosen symbolic expressions. The extension of the theorem of Abadi and Rogaway to such an adaptive scenario is nontrivial, and raises issues related to the classic problem of selective decommitment, which do not appear in the original formulation of the theorem.

Although the theorem of Abadi and Rogaway applies only to passive adversaries, our extension to adaptive attacks makes it substantially stronger, and powerful enough to analyze the security of cryptographic protocols of practical interest. We exemplify the use of our soundness theorem in the analysis of group key distribution protocols like those that arise in multicast and broadcast applications. Specifically, we provide cryptographic definitions of security for multicast key distribution protocols both in the symbolic as well as the computational framework and use our theorem to prove soundness of the symbolic definition.