Games and the Impossibility of Realizable Ideal Functionality

  • Anupam Datta
  • Ante Derek
  • John C. Mitchell
  • Ajith Ramanathan
  • Andre Scedrov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3876)

Abstract

A cryptographic primitive or a security mechanism can be specified in a variety of ways, such as a condition involving a game against an attacker, construction of an ideal functionality, or a list of properties that must hold in the face of attack. While game conditions are widely used, an ideal functionality is appealing because a mechanism that is indistinguishable from an ideal functionality is therefore guaranteed secure in any larger system that uses it. We relate ideal functionalities to games by defining the set of ideal functionalities associated with a game condition and show that under this definition, which reflects accepted use and known examples, bit commitment, a form of group signatures, and some other cryptographic concepts do not have any realizable ideal functionality.

Keywords

Function Call; Ideal Functionality; Game Condition; Impossibility Result; Symmetric Encryption

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Anupam Datta (1)
  • Ante Derek (1)
  • John C. Mitchell (1)
  • Ajith Ramanathan (1)
  • Andre Scedrov (2)

  1. Stanford University, USA
  2. University of Pennsylvania, USA