IACR News item: 14 December 2012
Gilles Barthe, Juan Manuel Crespo, Benjamin Grégoire, César Kunz, Yassine Lakhnech, Santiago Zanella-Béguelin
ePrint Reportadvocates the use of principled tools for building machine-checked
security proofs of cryptographic constructions. Existing tools
following this approach, such as EasyCrypt or CryptoVerif, fall short
of finding proofs automatically for many interesting constructions. In
fact, devising automated methods for analyzing the security of large
classes of cryptographic constructions is a long-standing problem
which precludes a systematic exploration of the space of possible
designs. This paper addresses this issue for padding-based encryption
schemes, a class of public-key encryption schemes built from hash
functions and trapdoor permutations, which includes widely used
constructions such as RSA-OAEP.
Firstly, we provide algorithms to search for proofs of security
against chosen-plaintext and chosen-ciphertext attacks in the random
oracle model. These algorithms are based on domain-specific logics
with a computational interpretation and yield quantitative security
guarantees; for proofs of chosen-plaintext security, we output
machine-checked proofs in EasyCrypt. Secondly, we provide a crawler
for exhaustively exploring the space of padding-based encryption
schemes under user-specified restrictions (e.g. on the size of their
description), using filters to prune the search space. Lastly, we
provide a calculator that computes the security level and efficiency
of provably secure schemes that use RSA as trapdoor permutation.
Using these three tools, we explore over 1.3 million encryption
schemes, including more than 100 variants of OAEP studied in the
literature, and prove chosen-plaintext and chosen-ciphertext security
for more than 250,000 and 17,000 schemes, respectively.
Additional news items may be found on the IACR news page.