Secure Information Flow with Password-based Encryption

Yassine LAKHNECH (VERIMAG)

lakhnech@imag.fr 

Type systems for secure information flow aim to prevent a program from leaking information from variables that hold secret data to variables that hold public data. In this work we present a type system to adress deterministic encryption} and password based encryption. The intuition that encrypting a secret yields a public value, that can be stored in a public variable, is faithfull for probabilistic encryption but erroneous for deterministic encryption. Our type system for deterministic encryption builds upon a more complete account for randomly generated values and their use. Then, we extend the type system for password based encryption that additionally to the fact that it is deterministic suffers from the problem that passwords are taken in small sets. In this case, the type system ensures that off-line attacks are not feasable.