Conditional Observational Equivalence and off-Line Guessing Attacks in Multiset Rewriting

Title:Conditional Observational Equivalence and off-Line Guessing Attacks in Multiset Rewriting

Conference:CSF22

Tags:EKE, multiset rewriting, observational equivalence, off-line guessing and PAKE

Abstract:

We propose conditional observational equivalence --- a variant of observational equivalence that is more flexible since it can be made dependent on arbitrary safety trace properties. We extend an existing method for verifying observational equivalence in the multiset rewriting setting with the ability to handle conditions. Our extension can automatically verify conditional observational equivalence for a simple class of conditions that depend only on the structure of the execution. By using conditional observational equivalence, we give the first method for verifying off-line guessing resistance in the multiset rewriting setting and apply it to analyze and verify the properties of EAP-EKE, a password-authenticated key exchange (PAKE) protocol.