Comparing Two Notions of Simulatability

  • Dennis Hofheinz
  • Dominique Unruh
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)

Abstract

In this work, relations between the security notions standard simulatability and universal simulatability for cryptographic protocols are investigated.

A simulatability-based notion of security considers a protocol π as secure as an idealization τ of the protocol task, if and only if every attack on π can be simulated by an attack on τ.

Two formalizations, which both provide secure composition of protocols, are common: standard simulatability means that for every π-attack and protocol user H, there is a τ-attack, such that H cannot distinguish π from τ. Universal simulatability means that for every π-attack, there is a τ-attack, such that no protocol user H can distinguish π from τ.

Trivially, universal simulatability implies standard simulatability. We show: the converse is true with respect to perfect security, but not with respect to computational or statistical security.

Besides, we give a formal definition of a time-lock puzzle, which may be of independent interest. Although the described results do not depend on any computational assumption, we show that the existence of a time-lock puzzle gives an even stronger separation of standard and universal simulatability with respect to computational security.

Keywords

Reactive simulatability, universal simulatability, protocol composition

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Dennis Hofheinz (1)
  • Dominique Unruh (1)
  1. IAKS, Arbeitsgruppe Systemsicherheit, Prof. Dr. Th. Beth, Fakultät für Informatik, Universität Karlsruhe, Karlsruhe, Germany
