Unifying Simulatability Definitions in Cryptographic Systems under Different Timing Assumptions

  • Michael Backes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2761)


The cryptographic concept of simulatability has become a salient technique for faithfully analyzing and proving security properties of arbitrary cryptographic protocols. We investigate the relationship between simulatability in synchronous and asynchronous frameworks by means of the formal models of Pfitzmann et. al., which are seminal in using this concept in order to bridge the gap between the formal-methods and the cryptographic community. We show that the synchronous model can be seen as a special case of the asynchronous one with respect to simulatability, i.e., we present an embedding between both models that we show to preserve simulatability. We show that this result allows for carrying over lemmas and theorems that rely on simulatability from the asynchronous model to its synchronous counterpart without any additional work. Hence future work can concentrate on the more general asynchronous case, without having to neglect the analysis of synchronous protocols.


Cryptographic Protocol Synchronous Machine Cryptographic Primitive Cryptographic System Synchronous Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. Information and Computation 148(1), 1–70 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Abadi, M., Jürjens, J.: Formal eavesdropping and its computational interpretation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 82–94. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography: The computational soundness of formal encryption. In: Watanabe, O., Hagiya, M., Ito, T., van Leeuwen, J., Mosses, P.D. (eds.) TCS 2000. LNCS, vol. 1872, pp. 3–22. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Backes, M., Jacobi, C.: Cryptographically sound and machine-assisted verification of security protocols. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 675–686. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Backes, M., Jacobi, C., Pfitzmann, B.: Deriving cryptographically sound implementations using composition and formally verified bisimulation. In: Eriksson, L.-H., Lindsay, P.A. (eds.) FME 2002. LNCS, vol. 2391, pp. 310–329. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Backes, M., Pfitzmann, B., Waidner, M.: A universally composable cryptographic library. IACR Cryptology ePrint Archive 2003/015 (January 2003),
  7. 7.
    Beaver, D.: Secure multiparty protocols and zero knowledge proof systems tolerating a faulty minority. Journal of Cryptology 4(2), 75–122 (1991)zbMATHCrossRefGoogle Scholar
  8. 8.
    Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols. In: Proc. 30th Annual ACM Symposium on Theory of Computing (STOC), pp. 419–428 (1998)Google Scholar
  9. 9.
    Burrows, M., Abadi, M., Needham, R.: A logic for authentication. Technical Report 39, SRC DIGITAL (1990)Google Scholar
  10. 10.
    Canetti, R.: Studies in secure multiparty computation and applications. Department of Computer Science and Applied Mathematics, The Weizmann Institute of Science, June 1995, revised March 1996 (1995)Google Scholar
  11. 11.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. Journal of Cryptology 3(1), 143–202 (2000)CrossRefMathSciNetGoogle Scholar
  12. 12.
    Canetti, R.: Universally composable security:A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136–145 (2001)Google Scholar
  13. 13.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: Proc. 30th Annual ACM Symposium on Theory of Computing (STOC), pp. 409–418 (1998)Google Scholar
  15. 15.
    Goldwasser, S., Levin, L.: Fair computation of general functions in presence of immoral majority. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 77–93. Springer, Heidelberg (1991)Google Scholar
  16. 16.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 186–207 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Guttman, J.D., Thayer Fabrega, F.J., Zuck, L.: The faithfulness of abstract protocol analysis: Message authentication. In: Proc. 8th ACM Conference on Computer and Communications Security, pp. 186–195 (2001)Google Scholar
  18. 18.
    Hoare, C.A.R.: Communicating Sequential Processes. International Series in Computer Science. Prentice Hall, Hemel Hempstead (1985)zbMATHGoogle Scholar
  19. 19.
    Laud, P.: Semantics and program analysis of computationally secure information flow. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 77–91. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Lynch, N.: Distributed Algorithms. Morgan Kaufmann Publishers, San Francisco (1996)zbMATHGoogle Scholar
  22. 22.
    Millen, J.K.: The interrogator: A tool for cryptographic protocol security. In: Proc. 5th IEEE Symposium on Security & Privacy, pp. 134–141 (1984)Google Scholar
  23. 23.
    Neuman, B., Ts’o, T.: Kerberos: An authentication service for computer networks. IEEE Communications Magazine 32(9), 33–38 (1994)CrossRefGoogle Scholar
  24. 24.
    Neveu, J.: Mathematical Foundations of the Calculus of Probability. Holden-Day (1965)Google Scholar
  25. 25.
    Owre, S., Shankar, N., Rushby, J.M.: PVS: A prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 748–752. Springer, Heidelberg (1992)Google Scholar
  26. 26.
    Paulson, L.: The inductive approach to verifying cryptographic protocols. Journal of Cryptology 6(1), 85–128 (1998)Google Scholar
  27. 27.
    Pfitzmann, B., Schunter, M., Waidner, M.: Cryptographic security of reactive systems. Presented at the DERA/RHUL Workshop on Secure Architectures and Information Flow, 1999, Electronic Notes in Theoretical Computer Science (ENTCS) (March 2000),
  28. 28.
    Pfitzmann, B., Schunter, M., Waidner, M.: Secure reactive systems. Research Report RZ 3206, IBM Research (2000)Google Scholar
  29. 29.
    Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: Proc. 7th ACM Conference on Computer and Communications Security, pp. 245–254 (2000)Google Scholar
  30. 30.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proc. 22nd IEEE Symposium on Security & Privacy, pp. 184–200 (2001)Google Scholar
  31. 31.
    Segala, R., Lynch, N.: Probabilistic simulation for probabilistic processes. Nordic Journal of Computing 2(2), 250–273 (1995)zbMATHMathSciNetGoogle Scholar
  32. 32.
    Volpano, D., Smith, G.: Verifying secrets and relative secrecy. In: Proc. 27th Symposium on Principles of Programming Languages (POPL), pp. 268–276 (2000)Google Scholar
  33. 33.
    Wu, S.-H., Smolka, S.A., Stark, E.W.: Composition and behaviors of probabilistic I/O automata. Theoretical Computer Science 176(1–2), 1–38 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  34. 34.
    Yao, A.C.: Theory and applications of trapdoor functions. In: Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 80–91 (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Michael Backes
    • 1
  1. 1.IBM Zurich Research LaboratoryRüschlikonSwitzerland

Personalised recommendations