VOLUME 3, ISSUE 3, PAPER 2
Relating two standard notions of secrecy
©Véronique Cortier, Loria UMR 7503 & INRIA Lorraine projet Cassis & CNRS
©Michaël Rusinowitch, Loria UMR 7503 & INRIA Lorraine projet Cassis & CNRS
©Eugen Zălinescu, Loria UMR 7503 & INRIA Lorraine projet Cassis & CNRS
Abstract
Two styles of definitions are usually considered to express that a security
protocol preserves the confidentiality of a piece of data s. Reachability-based secrecy
means that s should never be disclosed while equivalence-based secrecy states
that two executions of a protocol with distinct instances for s should be
indistinguishable to an attacker. Although the second formulation ensures a
higher level of security and is closer to cryptographic notions of secrecy,
decidability results and automatic tools have mainly focused on the first
definition so far.
This paper initiates a systematic investigation of the situations where
syntactic secrecy entails strong secrecy. We show that in the passive case,
reachability-based secrecy actually implies equivalence-based secrecy for
digital signatures, symmetric and asymmetric encryption provided that the
primitives are probabilistic. For active adversaries, we provide sufficient
(and rather tight) conditions on the protocol for this implication to hold.
Publication date: July 6, 2007
DOI: 10.2168/LMCS-3(3:2)2007
Creative Commons