| | |
Summary: Guessing Attacks and the Computational
Soundness of Static Equivalence
Mart´in Abadi1
, Mathieu Baudet2
, and Bogdan Warinschi3
1
University of California, Santa Cruz
2
LSV, CNRS & INRIA Futurs projet SECSI & ENS Cachan, France
3
Loria, INRIA, Nancy, France
Abstract. The indistinguishability of two pieces of data (or two lists of
pieces of data) can be represented formally in terms of a relation called
static equivalence. Static equivalence depends on an underlying equa-
tional theory. The choice of an inappropriate equational theory can lead
to overly pessimistic or overly optimistic notions of indistinguishability,
and in turn to security criteria that require protection against impossi-
ble attacks or--worse yet--that ignore feasible ones. In this paper, we
define and justify an equational theory for standard, fundamental cryp-
tographic operations. This equational theory yields a notion of static
|
