Composition of Cryptographic Protocols in a Probabilistic Polynomial-Time Process Calculus

  • P. Mateus
  • J. Mitchell
  • A. Scedrov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2761)


We describe a probabilistic polynomial-time process calculus for analyzing cryptographic protocols and use it to derive compositionality properties of protocols in the presence of computationally bounded adversaries. We illustrate these concepts on oblivious transfer, an example from cryptography. We also compare our approach with a framework based on interactive Turing machines.


cryptographic protocols probabilistic process calculus computational security composition theorem 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Gordon, A.: A calculus for cryptographic protocols: the spi-calculus. Information and Computation 143, 1–70 (1999)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography (The computational soundness of formal encryption). Journal of Cryptology 15(2), 103–127 (2002)zbMATHMathSciNetGoogle Scholar
  3. 3.
    Backes, M., Jacobi, C., Pfitzmann, B.: Deriving cryptographically sound implementations using composition and formally verified bisimulation. In: Formal Methods Europe. LNCS, vol. 2931, pp. 310–329. Springer, Heidelberg (2002)Google Scholar
  4. 4.
    Backes, M., Pfitzmann, B., Waidner, M.: Universally composable cryptographic library. Manuscript available on as 2003/015 (2003)
  5. 5.
    Beaver, D.: Foundations of secure interactive computing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 377–391. Springer, Heidelberg (1992)Google Scholar
  6. 6.
    Beaver, D.: Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority. Journal of Cryptology 4, 75–122 (1991)zbMATHCrossRefGoogle Scholar
  7. 7.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42-nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 136–145. IEEE Press, Los Alamitos (2001), Full paper available at as 2000/067Google Scholar
  8. 8.
    Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable twoparty and multi-party secure computation. In: 34-th ACM Symposium on Theory of Computing, pp. 484–503 (2002), Full paper available at as 2002/140
  10. 10.
    Dolev, D., Yao, A.: On the security of public-key protocols. In: Proc. 22-nd Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 350–357 (1981)Google Scholar
  11. 11.
    ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31, 469–472 (1985)CrossRefMathSciNetGoogle Scholar
  12. 12.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)CrossRefMathSciNetGoogle Scholar
  13. 13.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge Univ. Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  14. 14.
    Goldreich, O.: Foundations of Cryptography – Vol. 2. Working Draft of Ch. 7 (2003), Available at
  15. 15.
    Goldwasser, S., Levin, L.: Fair computation of general functions in presence of immoral majority. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 77–93. Springer, Heidelberg (1991)Google Scholar
  16. 16.
    Lincoln, P., Mitchell, J., Mitchell, M., Scedrov, A.: Probabilistic polynomialtime framework for protocol analysis. In: Reiter, M. (ed.) 5-th ACM Conferece on Computer and Communication Security, pp. 112–121. ACM Press, New York (1998)CrossRefGoogle Scholar
  17. 17.
    Lincoln, P., Mitchell, J., Mitchell, M., Scedrov, A.: Probabilistic polynomialtime equivalence and security analysis. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 776–793. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  18. 18.
    Lynch, N.: Distributed Algorithms. Morgan Kaufman, San Francisco (1996)zbMATHGoogle Scholar
  19. 19.
    Mateus, P., Pacheco, A., Pinto, J., Sernadas, A., Sernadas, C.: Probabilistic situation calculus. Annals of Mathematics and Artificial Intelligence 32(1), 393–431 (2001)CrossRefMathSciNetGoogle Scholar
  20. 20.
    Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992)Google Scholar
  21. 21.
    Milner, R.: Communication and Concurrency. Prentice-Hall, Englewood Cliffs (1989)zbMATHGoogle Scholar
  22. 22.
    Mitchell, J., Mitchell, M., Scedrov, A.: A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In: 39-th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 725–733. IEEE Computer Society Press, Los Alamitos (1998)Google Scholar
  23. 23.
    Mitchell, J., Ramanathan, A., Scedrov, A., Teague, V.: A probabilistic polynomial-time calculus for analysis of cryptographic protocols. Electronic Notes in Theoretical Computer Science 45 (2001)Google Scholar
  24. 24.
    Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communications of the ACM 21(12), 993–999 (1978)zbMATHCrossRefGoogle Scholar
  25. 25.
    Pfitzmann, B., Schunter, M., Waidner, M.: Cryptographic security of reactive systems. Electronic Notes in Theoretical Computer Science 32 (2000)Google Scholar
  26. 26.
    Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: 7-th ACM Conference on Computer and Communications Security, pp. 245–254. ACM Press, New York (2000)CrossRefGoogle Scholar
  27. 27.
    Rabin, M.: How to exchange secrets by oblivious transfer. Tech. memo TR-81, Aiken Computation Laboratory, Harvard U (1981)Google Scholar
  28. 28.
    Roscoe, A.W.: Modelling and verifying key-exchange protocols using CSP and FDR. In: 8-th IEEE Computer Security Foundations Workshop (CSFW). IEEE Computer Society Press, Los Alamitos (1995)Google Scholar
  29. 29.
    Schneider, S.: Security properties and CSP. In: IEEE Symposium Security and Privacy (1996)Google Scholar
  30. 30.
    Yao, A.: Theory and applications of trapdoor functions. In: 23-rd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 80–91. IEEE Press, Los Alamitos (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • P. Mateus
    • 1
  • J. Mitchell
    • 2
  • A. Scedrov
    • 3
  1. 1.ISTCenter for Logic and ComputationLisbonPortugal
  2. 2.Department of Computer ScienceStanford UniversityStanfordUSA
  3. 3.Department of MathematicsUniversity of PennsylvaniaPhiladelphiaUSA

Personalised recommendations