A model for asynchronous reactive systems and its application to secure message transmission

Pfitzmann, Birgit; Waidner, Michael

doi:10.1109/secpri.2001.924298

Cited by 192 publications

(297 citation statements)

References 11 publications

Supporting

Mentioning

296

Contrasting

Order By: Relevance

“…This work is based on definitions of secure function evaluation, i.e., the computation of one set of outputs from one set of inputs [27,37,15,17]. The approach was extended from synchronous to asynchronous systems in [45,18], which are now known as the reactive simulatability framework [45,8] and the universal composability framework [18]. A detailed comparison of the two approaches may be found in [23].…”

Section: Previous Workmentioning

confidence: 99%

Soundness of Formal Encryption in the Presence of Key-Cycles

Adão

Bana

Herzog

et al. 2005

Computer Security – ESORICS 2005

View full text Add to dashboard Cite

Abstract. Both the formal and the computational models of cryptography contain the notion of message equivalence or indistinguishability. An encryption scheme provides soundness for indistinguishability if, when mapping formal messages into the computational model, equivalent formal messages are mapped to indistinguishable computational distributions. Previous soundness results are limited in that they do not apply when key-cycles are present. We demonstrate that an encryption scheme provides soundness in the presence of key-cycles if it satisfies the recently-introduced notion of key-dependent message (KDM) security. We also show that soundness in the presence of key-cycles (and KDM security) neither implies nor is implied by security against chosen ciphertext attack (CCA-2). Therefore, soundness for key-cycles is possible using a new notion of computational security, not possible using previous such notions, and the relationship between the formal and computational models extends beyond chosen-ciphertext security.

show abstract

Section: Previous Workmentioning

confidence: 99%

Soundness of Formal Encryption in the Presence of Key-Cycles

Adão

Bana

Herzog

et al. 2005

Computer Security – ESORICS 2005

View full text Add to dashboard Cite

show abstract

“…The model of universal composability alias reactive simulatability was proposed by Canetti [20] and by Pfitzmann et al [34,13]. The model has been used to define sound abstractions of various cryptographic primitives.…”

Section: Related Workmentioning

confidence: 99%

Threshold Homomorphic Encryption in the Universally Composable Cryptographic Library

Laud

Ngo

2008

Provable Security

View full text Add to dashboard Cite

Abstract. The universally composable cryptographic library by Backes, Pfitzmann and Waidner provides Dolev-Yao-like, but cryptographically sound abstractions to common cryptographic primitives like encryptions and signatures. The library has been used to give the correctness proofs of various protocols; while the arguments in such proofs are similar to the ones done with the Dolev-Yao model that has been researched for a couple of decades already, the conclusions that such arguments provide are cryptographically sound. Various interesting protocols, for example e-voting, make extensive use of primitives that the library currently does not provide. The library can certainly be extended, and in this paper we provide one such extensionwe add threshold homomorphic encryption to the universally composable cryptographic library and demonstrate its usefulness by (re)proving the security of a well-known e-voting protocol.

show abstract

“…The paper [45] does not deal with probabilistic bisimulation or the proof rules for our calculus. Another one based on I/O automata can be found in [7,8,57,58]. Previous literature on probabilistic process calculi includes, e.g., [11,40,65].…”

Section: Introductionmentioning

confidence: 99%

“…If P is a protocol of interest, and Q is an idealised form of the expression that uses private channels to guarantee authentication and secrecy, then P ∼ = Q is a succinct way of asserting that P is secure. We have found this approach, also used in [14][15][16][17][18]58], effective not only for specifying security properties of common network protocols, but also for stating common cryptographic assumptions. For this reason, we believe it is possible to prove protocol security from cryptographic assumptions using equational reasoning.…”

Section: Introductionmentioning

confidence: 99%

Probabilistic Polynomial-Time Process Calculus and Security Protocol Analysis

Mitchell

2001

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. We prove properties of a process calculus that is designed for analysing security protocols. Our long-term goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomial-time protocol steps, a specification method based on a compositional form of equivalence, and a logical basis for reasoning about equivalence.The process calculus is a variant of CCS, with bounded replication and probabilistic polynomial-time expressions allowed in messages and boolean tests. To avoid inconsistency between security and nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation of any process expression halts in probabilistic polynomial time and define a form of asymptotic protocol equivalence that allows security properties to be expressed using observational equivalence, a standard relation from programming language theory that involves quantifying over all possible environments that might interact with the protocol.We develop a form of probabilistic bisimulation and use it to establish the soundness of an equational proof system based on observational equivalences. The proof system is illustrated by a formation derivation of the assertion, well-known in cryptography, that El Gamal encryption's semantic security is equivalent to the (computational) Decision Diffie-Hellman assumption. This example demonstrates the power of probabilistic bisimulation and equational reasoning for protocol security.

show abstract

A model for asynchronous reactive systems and its application to secure message transmission

Cited by 192 publications

References 11 publications

Soundness of Formal Encryption in the Presence of Key-Cycles

Soundness of Formal Encryption in the Presence of Key-Cycles

Threshold Homomorphic Encryption in the Universally Composable Cryptographic Library

Probabilistic Polynomial-Time Process Calculus and Security Protocol Analysis

Contact Info

Product

Resources

About