Security

Guessing Attacks and the Computational Soundness of Static Equivalence

Free registration required

Executive Summary

The indistinguishability of two pieces of data (or two lists of pieces of data) can be represented formally in terms of a relation called static equivalence. Static equivalence depends on an underlying equational theory. The choice of an inappropriate equational theory can lead to overly pessimistic or overly optimistic notions of indistinguishability, and in turn to security criteria that require protection against impossible attacks or - worse yet - that ignore feasible ones. In this paper, the authors define and justify an equational theory for standard, fundamental cryptographic operations.

  • Format: PDF
  • Size: 373.9 KB