On the Relationships between Notions of Simulation-Based Security
Related papers
Secure Computation in a Probabilistic Polynomial-Time Process Calculus
2001
In this paper, we present a general definition for secure computation following the general paradigm: a protocol is secure iff it can emulate an ideal protocol. We start by adopting the probabilistic polynomial-time process calculus, originally presented in [LMMS98], as the natural language to specify protocols. Given the nature of the adversaries together with the secrecy requirements of secure computation protocols, we need to augment the calculus with local output channels and priority terms. Capitalizing on the semantics of the calculus, we extract a Markov process of observations and establish the notion of emulation. After representing the ideal secure computation protocol in the calculus, we present the concept of secure computation via emulation and obtain the associated composition theorem, encompassing both active and passive adversaries. To illustrate the concepts and results in an intuitive and simple manner, we focus on the simpler case of oblivious transfer (OT). Finally, we show that our concept of secure OT is equivalent to the concept formalized by Canetti in [Can00], which is based on interactive Turing machines, and discuss the advantages and simplifications introduced by this work.
Composition of Cryptographic Protocols in a Probabilistic Polynomial-Time Process Calculus
2003
We describe a probabilistic polynomial-time process calculus for analyzing cryptographic protocols and use it to derive compositionality properties of protocols in the presence of computationally bounded adversaries. We illustrate these concepts on oblivious transfer, an example from cryptography. We also compare our approach with a framework based on interactive Turing machines.
A Distributed Process Model of Cryptographic Protocols
ArXiv, 2021
Cryptographic Protocols (CP) are distributed algorithms intended for secure communication in an insecure environment. They are used, for example, in electronic payments, electronic voting procedures, systems of confidential data processing, etc. Errors in CPs can bring to great financial and social damage, therefore it is necessary to use mathematical methods to substantiate the correctness and safety of CPs. In this paper, a distributed process model of CPs is presented, which allows one to formally describe CPs and their properties. It is shown how to solve the problems of verification of CPs on the base of this model.
SECURITY ANALYSIS OF NETWORK PROTOCOLS: COMPOSITIONAL REASONING AND COMPLEXITY-THEORETIC FOUNDATIONS
2005
This dissertation addresses two central problems associated with the design and security analysis of network protocols that use cryptographic primitives. The first problem pertains to the secure composition of protocols, where the goal is to develop methods for proving properties of complex protocols by combining independent proofs of their parts. In order to address this problem, we have developed a framework consisting of two formal systems:
A unified framework for concurrent security
Proceedings of the 41st annual ACM symposium on Symposium on theory of computing - STOC '09, 2009
We present a unified framework for obtaining Universally Composable (UC) protocols by relying on stand-alone secure non-malleable commitments. Essentially all results on concurrent secure computation, both in relaxed models (e.g., quasi-polynomial time simulation) or with trusted set-up assumptions (e.g., the CRS model, the imperfect CRS model, or the timing model), are obtained as special cases of our framework. This not only leads to conceptually simpler solutions, but also to improved set-up assumptions, round complexity, and computational assumptions. Additionally, this framework allows us to consider new relaxed models of security: we show that UC security where the adversary is a uniform PPT but the simulator is allowed to be a non-uniform PPT (i.e., essentially, traditional UC security, but with a non-uniform reduction) is possible without any trusted set-up. This gives the first
A General Composition Theorem for Secure Reactive Systems
Lecture Notes in Computer Science, 2004
We consider compositional properties of reactive systems that are secure in a cryptographic sense. We follow the well-known simulatability approach of modern cryptography, i.e., the specification is an ideal system and a real system should in some sense simulate this ideal one. We show that if a system consists of a polynomial number of arbitrary ideal subsystems such that each of them has a secure implementation in the sense of blackbox simulatability, then one can securely replace all ideal subsystems with their respective secure counterparts without destroying the blackbox simulatability relation. We further prove our theorem for universal simulatability by showing that blackbox simulatability implies universal simulatability under reasonable assumptions. We show all our results with concrete security.
Process Algebra Contexts and Security Properties
2010
A general framework for defining security properties is presented. It allows us to model many traditional security properties as well as to define new ones. The framework is based on process algebras contexts and processes relations. By appropriate choice of both of them we can model also probabilistic and quantified security properties.
Cryptographic Security of Reactive Systems
Electronic Notes in Theoretical Computer Science, 2000
We describe some general relations between cryptographic and abstracted security definitions, and we present a novel model of security for reactive systems, generalizing previous definitions relying on the simulatability paradigm.
A Hybrid Analysis for Security Protocols with State
Lecture Notes in Computer Science, 2014
Cryptographic protocols rely on message-passing to coordinate activity among principals. Each principal maintains local state in individual local sessions only as needed to complete that session. However, in some protocols a principal also uses state to coordinate its different local sessions. Sometimes the non-local, mutable state is used as a means, for example with smart cards or Trusted Platform Modules. Sometimes it is the purpose of running the protocol, for example in commercial transactions.
Secure Non-interactive Simulation: Hardness & Feasibility
IACR Cryptol. ePrint Arch., 2020
Network latency is a significant source of inefficiency in interactive protocols. This work contributes towards the possibility of reducing the round complexity and communication complexity of secure computation protocols to a minimum. We introduce the concept of secure noninteractive simulation of joint distributions. Two parties begin with multiple independent samples from a correlated randomness source. Next, our objective is to investigate what forms of joint distributions can Alice and Bob securely simulate without any further communication. This offline preprocessing step fits perfectly within the offline-online paradigm of secure computation, which enables general secure computation even against parties with unbounded computational power. One may interpret this concept as imbuing the notion of non-interactive simulation of joint distributions, which initiated from the seminal works of Gács and Körner (1972), and Wyner (1975), in information theory with cryptographic security....