Modeling Computational Security in Long-Lived Systems

  • Ran Canetti
  • Ling Cheung
  • Dilsun Kaynar
  • Nancy Lynch
  • Olivier Pereira
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5201)


For many cryptographic protocols, security relies on the assumption that adversarial entities have limited computational power. This type of security degrades progressively over the lifetime of a protocol. However, some cryptographic services, such as timestamping services or digital archives, are long-lived in nature; they are expected to be secure and operational for a very long time (i.e. super-polynomial). In such cases, security cannot be guaranteed in the traditional sense: a computationally secure protocol may become insecure if the attacker has a super-polynomial number of interactions with the protocol.

This paper proposes a new paradigm for the analysis of long-lived security protocols. We allow entities to be active for a potentially unbounded amount of real time, provided they perform only a polynomial amount of work per unit of real time. Moreover, the space used by these entities is allocated dynamically and must be polynomially bounded. We propose a new notion of long-term implementation, which is an adaptation of computational indistinguishability to the long-lived setting. We show that long-term implementation is preserved under polynomial parallel composition and exponential sequential composition. We illustrate the use of this new paradigm by analyzing some security properties of the long-lived timestamping protocol of Haber and Kamat.


Signature Scheme Turing Machine Security Property Sequential Composition Parallel Composition 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. In: Proceedings of the 17th Annual ACM Symposium on Theory of Computing (STOC 1985), pp. 291–304 (1985)Google Scholar
  2. 2.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, Oakland, CA, pp. 184–200. IEEE Computer Society, Los Alamitos (2001)Google Scholar
  3. 3.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Naor, M. (ed.) Proceedings of the 42nd Annual Symposium on Foundations of Computer Science, pp. 136–145. IEEE Computer Society, Los Alamitos (2001)Google Scholar
  4. 4.
    Goldreich, O.: Foundations of Cryptography: Basic Tools, vol. 1. Cambridge University Press, Cambridge (2001) (reprint of 2003)zbMATHGoogle Scholar
  5. 5.
    Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Analyzing security protocols using time-bounded Task-PIOAs. Discrete Event Dynamic Systems 18(1), 111–159 (2008)CrossRefGoogle Scholar
  6. 6.
    Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks. In: Proceedings of 10th annual ACM Symposium on Principles of Distributed Computing (PODC 1991), pp. 51–59 (1991)Google Scholar
  7. 7.
    Anderson, R.: Two remarks on public key cryptology. Technical Report UCAM-CL-TR-549. University of Cambridge (2002)Google Scholar
  8. 8.
    Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)Google Scholar
  9. 9.
    Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Bayer, D., Haber, S., Stornetta, S.W.: Improving the efficiency and reliability of digital time-stamping. In: Capocalli, R.M., Santis, A.D., Vaccaro, U. (eds.) Sequences II: Methods in Communication, Security, and Computer Science (Proceedings of the Sequences Workshop, 1991), pp. 329–334. Springer, Heidelberg (1993)Google Scholar
  11. 11.
    Haber, S.: Long-lived digital integrity using short-lived hash functions. Technical report, HP Laboratories (2006)Google Scholar
  12. 12.
    Haber, S., Kamat, P.: A content integrity service for long-term digital archives. In: Proceedings of the IS&T Archiving Conference (2006); Also published as Technical Memo HPL-2006-54, Trusted Systems Laboratory, HP Laboratories, PrincetonGoogle Scholar
  13. 13.
    Mitchell, J., Ramanathan, A., Scedrov, A., Teague, V.: A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols. Theoretical Computer Science 353, 118–164 (2006)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Backes, M., Pfitzmann, B., Waidner, M.: Secure asynchronous reactive systems. Cryptology ePrint Archive, Report 2004/082 (2004),
  15. 15.
    Müller-Quade, J., Unruh, D.: Long-term security and universal composability. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 41–60. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Segala, R., Lynch, N.: Probabilistic simulations for probabilistic processes. Nordic Journal of Computing 2(2), 250–273 (1995)zbMATHMathSciNetGoogle Scholar
  17. 17.
    Lynch, N., Tuttle, M.: An introduction to input/output automata. CWI Quarterly 2(3), 219–246 (1989)zbMATHMathSciNetGoogle Scholar
  18. 18.
    Merritt, M., Modugno, F., Tuttle, M.R.: Time constrained automata. In: Groote, J.F., Baeten, J.C.M. (eds.) CONCUR 1991. LNCS, vol. 527, pp. 408–423. Springer, Heidelberg (1991)Google Scholar
  19. 19.
    Canetti, R., Cheung, L., Kaynar, D., Lynch, N., Pereira, O.: Modeling bounded computation in long-lived systems. Cryptology ePrint Archive, Report 2007/406 (2007),
  20. 20.
    Canetti, R., Cheung, L., Kaynar, D., Lynch, N., Pereira, O.: Compositional security for Task-PIOAs. In: Sabelfeld, A. (ed.) 20th IEEE Computer Security Foundations Symposium, pp. 125–139. IEEE Computer Society Press, Los Alamitos (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Ran Canetti
    • 1
    • 2
  • Ling Cheung
    • 2
  • Dilsun Kaynar
    • 3
  • Nancy Lynch
    • 2
  • Olivier Pereira
    • 4
  1. 1.IBM T. J. Watson Research Center 
  2. 2.Massachusetts Institute of Technology 
  3. 3.Carnegie Mellon University 
  4. 4.Université catholique de Louvain 

Personalised recommendations