Conditional Reactive Simulatability

  • Michael Backes
  • Markus Dürmuth
  • Dennis Hofheinz
  • Ralf Küsters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)

Abstract

Simulatability has established itself as a salient notion for defining and proving the security of cryptographic protocols since it entails strong security and compositionality guarantees, which are achieved by universally quantifying over all environmental behaviors of the analyzed protocol. As a consequence, however, protocols that are secure except for certain environmental behaviors are not simulatable, even if these behaviors are efficiently identifiable and thus can be prevented by the surrounding protocol.

We propose a relaxation of simulatability by conditioning the permitted environmental behaviors, i.e., simulation is only required for environmental behaviors that fulfill explicitly stated constraints. This yields a more fine-grained security definition that is achievable for several protocols for which unconditional simulatability is too strict a notion, or at lower cost for the underlying cryptographic primitives. Although imposing restrictions on the environment destroys unconditional composability in general, we show that the composition of a large class of conditionally simulatable protocols yields protocols that are again simulatable under suitable conditions. This even holds for the case of cyclic assume-guarantee conditions where protocols only guarantee suitable behavior if they themselves are offered certain guarantees. Furthermore, composing several commonly investigated protocol classes with conditionally simulatable subprotocols yields protocols that are again simulatable in the standard, unconditional sense.

Keywords

Encryption Scheme, Safety Property, Cryptographic Protocol, Conditional Simulatability, Symmetric Encryption

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Michael Backes (1)
  • Markus Dürmuth (1)
  • Dennis Hofheinz (2)
  • Ralf Küsters (3)
  1. Saarland University
  2. Cryptology and Information Security Group, Prof. Dr. R. Cramer, CWI
  3. Christian-Albrechts-Universität zu Kiel