
Using IND-CVA for constructing secure communication

Published in Science in China Series F: Information Sciences

Abstract

Within the framework of UC (universally composable) security, a general method is presented for constructing a secure channel protocol using IND-CVA (indistinguishability of an encryption scheme under ciphertext verification attacks). A channel protocol built with this method first invokes an ideal key-exchange protocol to obtain a session key, and then processes messages with an authenticated encryption scheme. The paper shows that such a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. This condition on a secure channel protocol is much weaker than requiring IND-CCA and INT-CTXT security. IND-CVA can therefore be used to describe the privacy requirements of secure channels in detail. Moreover, the design method in the paper reduces the UC security of secure channels, which is measured by action simulation in the UC framework, to the security of authenticated encryption schemes, which is measured semantically.
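The abstract's central point, that a channel needs plaintext integrity (INT-PTXT) rather than the stronger ciphertext integrity (INT-CTXT), can be seen on a toy scheme. The block below is an added example written for this page, not the paper's construction: the scheme, its ignored reserved byte, and the random session key standing in for the ideal key exchange are all assumptions.

```python
import hashlib
import hmac
import os

# Toy authenticated encryption (constructed for illustration): the MAC covers the
# plaintext, and every ciphertext ends with one reserved byte that decryption
# ignores. Changing that byte yields a fresh valid ciphertext for the same
# plaintext, so INT-CTXT fails, yet no new plaintext can be forged (INT-PTXT),
# and the channel still delivers only what the sender sent.
NONCE_LEN = 16
TAG_LEN = 32

def _keystream(ke: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:  # hash-based stream, a stand-in for a real cipher
        out += hashlib.sha256(ke + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def encrypt(key: bytes, msg: bytes) -> bytes:
    ke, km = key[:32], key[32:64]
    nonce = os.urandom(NONCE_LEN)
    tag = hmac.new(km, nonce + msg, hashlib.sha256).digest()  # MAC over plaintext
    body = msg + tag
    enc = bytes(a ^ b for a, b in zip(body, _keystream(ke, nonce, len(body))))
    return nonce + enc + b"\x00"  # trailing reserved byte, ignored by decrypt()

def decrypt(key: bytes, ctxt: bytes):
    ke, km = key[:32], key[32:64]
    if len(ctxt) < NONCE_LEN + TAG_LEN + 1:
        return None
    nonce, enc = ctxt[:NONCE_LEN], ctxt[NONCE_LEN:-1]
    body = bytes(a ^ b for a, b in zip(enc, _keystream(ke, nonce, len(enc))))
    msg, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(km, nonce + msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, expected) else None

def channel_demo(session_key: bytes):
    # session_key plays the role of the ideal key-exchange output (assumed).
    c = encrypt(session_key, b"transfer 10")
    c_new_ctxt = c[:-1] + b"\x01"  # new ciphertext, same plaintext: INT-CTXT broken
    c_tampered = c[:NONCE_LEN] + bytes([c[NONCE_LEN] ^ 1]) + c[NONCE_LEN + 1:]
    return (decrypt(session_key, c),           # genuine message delivered
            decrypt(session_key, c_new_ctxt),  # same plaintext, nothing forged
            decrypt(session_key, c_tampered))  # altered plaintext rejected
```

The receiver of the modified ciphertext sees only the original message, which is why the channel's integrity goal is met even though the scheme is not INT-CTXT.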



Author information

Corresponding author: ZhenYu Hu.

Additional information

Supported by the National Basic Research Program of China (Grant No. G2002cb312205)


About this article

Cite this article

Hu, Z., Jiang, J. & Sun, F. Using IND-CVA for constructing secure communication. Sci. China Ser. F-Inf. Sci. 52, 1801–1811 (2009). https://doi.org/10.1007/s11432-009-0175-9
