Conditional reactive simulatability

  • Special Issue Paper
  • International Journal of Information Security

Abstract

Simulatability has established itself as a salient notion for defining and proving the security of cryptographic protocols since it entails strong security and compositionality guarantees, which are achieved by universally quantifying over all environmental behaviors of the analyzed protocol. As a consequence, however, protocols that are secure except for certain environmental behaviors are not simulatable, even if these behaviors are efficiently identifiable and thus can be prevented by the surrounding protocol. We propose a relaxation of simulatability by conditioning the permitted environmental behaviors, i.e., simulation is only required for environmental behaviors that fulfill explicitly stated constraints. This yields a more fine-grained security definition that is achievable for several protocols for which unconditional simulatability is too strict a notion, or at lower cost for the underlying cryptographic primitives. Although imposing restrictions on the environment destroys unconditional composability in general, we show that the composition of a large class of conditionally simulatable protocols yields protocols that are again simulatable under suitable conditions. This even holds for the case of cyclic assume-guarantee conditions where protocols only guarantee suitable behavior if they themselves are offered certain guarantees. Furthermore, composing several commonly investigated protocol classes with conditionally simulatable subprotocols yields protocols that are again simulatable in the standard, unconditional sense.

References

  1. Abadi, M., Lamport, L.: Conjoining specifications. ACM Trans. Program. Lang. Syst. 17(3), 507–534 (1995)

  2. Backes, M., Dürmuth, M., Hofheinz, D., Küsters, R.: Conditional reactive simulatability. In: Computer Security, Proceedings of ESORICS 2006, Lecture Notes in Computer Science, vol. 4189, pp. 424–443. Springer, Heidelberg (2006)

  3. Backes, M., Pfitzmann, B.: Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In: 17th IEEE Computer Security Foundations Workshop, Proceedings of CSFW 2004, pp. 204–218. IEEE Computer Society (2004)

  4. Backes, M., Pfitzmann, B.: Limits of the cryptographic realization of Dolev-Yao-style XOR. In: Computer Security, Proceedings of ESORICS 2005, Lecture Notes in Computer Science, vol. 3679, pp. 178–196. Springer, Heidelberg (2005)

  5. Backes, M., Pfitzmann, B., Scedrov, A.: Key-dependent message security under active attacks: BRSIM/UC-soundness of symbolic encryption with key cycles. In: 20th IEEE Computer Security Foundations Symposium, Proceedings of CSF 2007, pp. 112–124. IEEE Computer Society (2007)

  6. Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations. In: 10th ACM Conference on Computer and Communications Security, Proceedings of CCS 2003, pp. 220–230. ACM Press (2003). Extended abstract

  7. Backes, M., Pfitzmann, B., Waidner, M.: A general composition theorem for secure reactive systems. In: Naor, M. (ed.) Theory of Cryptography, Proceedings of TCC 2004, Lecture Notes in Computer Science, vol. 2951, pp. 336–354. Springer, Heidelberg (2004)

  8. Backes, M., Pfitzmann, B., Waidner, M.: Secure asynchronous reactive systems. IACR ePrint Archive (2004)

  9. Backes, M., Pfitzmann, B., Waidner, M.: Limits of the Reactive Simulatability/UC of Dolev-Yao models with hashes. In: Computer Security, Proceedings of ESORICS 2006, Lecture Notes in Computer Science, vol. 4189, pp. 404–423. Springer, Heidelberg (2006)

  10. Barak, B., Sahai, A.: How to play almost any mental game over the net: concurrent composition via super-polynomial simulation. In: 46th Annual Symposium on Foundations of Computer Science, Proceedings of FOCS 2005, pp. 543–552. IEEE Computer Society (2005)

  11. Beaver, D.: Foundations of secure interactive computing. In: Feigenbaum, J. (ed.) Advances in Cryptology, Proceedings of CRYPTO ’91, Lecture Notes in Computer Science, vol. 576, pp. 377–391. Springer, Heidelberg (1992)

  12. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Advances in Cryptology, Proceedings of ASIACRYPT 2000, pp. 531–545 (2000)

  13. Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient constructions. In: Advances in Cryptology, Proceedings of ASIACRYPT 2000, pp. 317–330 (2000)

  14. Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) Selected Areas in Cryptography, Proceedings of SAC 2002, Lecture Notes in Computer Science, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)

  15. Camenisch, J., Lysyanskaya, A.: Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In: Pfitzmann, B. (ed.) Advances in Cryptology, Proceedings of EUROCRYPT 2001, Lecture Notes in Computer Science, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

  16. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, Proceedings of FOCS 2001, pp. 136–145. IEEE Computer Society (2001)

  17. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. IACR ePrint Archive, January 2005. Full and revised version of [16]

  18. Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) Advances in Cryptology, Proceedings of CRYPTO 2001, Lecture Notes in Computer Science, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)

  19. Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th Annual ACM Symposium on Theory of Computing, Proceedings of STOC 2002, pp. 494–503. ACM Press (2002). Extended abstract

  20. Datta, A., Derek, A., Mitchell, J.C., Ramanathan, A., Scedrov, A.: Games and the impossibility of realizable ideal functionality. In: Theory of Cryptography, Proceedings of TCC 2006 (2006)

  21. Datta, A., Küsters, R., Mitchell, J.C., Ramanathan, A.: On the relationships between notions of simulation-based security. In: Theory of Cryptography, Proceedings of TCC 2005, pp. 476–494 (2005)

  22. Giannakopoulou, D., Pasareanu, C.S., Cobleigh, J.M.: Assume-guarantee verification of source code with design-level assumptions. In: Proceedings of the 26th International Conference on Software Engineering, pp. 211–220 (2004)

  23. Gligor, V.D., Donescu, P.: Fast encryption and authentication: XCBC encryption and XECB authentication modes. In: 8th Fast Software Encryption Workshop, Proceedings of FSE 2001, pp. 82–108 (2001)

  24. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game: a completeness theorem for protocols with honest majority. In: 19th Annual ACM Symposium on Theory of Computing, Proceedings of STOC 1987, pp. 218–229. ACM Press (1987). Extended abstract

  25. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

  26. Hinton, H.: Composing partially-specified systems. In: IEEE Symposium on Security and Privacy, Proceedings of SSP 1998, pp. 27–39. IEEE Computer Society (1998)

  27. Hofheinz, D., Müller-Quade, J.: Universally composable commitments using random oracles. In: Naor, M. (ed.) Theory of Cryptography, Proceedings of TCC 2004, Lecture Notes in Computer Science, vol. 2951, pp. 58–76. Springer, Heidelberg (2004)

  28. Jones, C.: Specification and design of (parallel) programs. In: Information Processing 83: Proceedings of the 9th IFIP World Congress, pp. 321–322 (1983)

  29. Jutla, C.: Encryption modes with almost free message integrity. In: Advances in Cryptology, Proceedings of EUROCRYPT 2001, pp. 529–544 (2001)

  30. Küsters, R.: Simulation-based security with inexhaustible interactive Turing machines. In: 19th IEEE Computer Security Foundations Workshop, Proceedings of CSFW 2006, pp. 309–320. IEEE Computer Society (2006)

  31. Lindell, Y.: General composition and universal composability in secure multi-party computation. In: 44th Annual Symposium on Foundations of Computer Science, Proceedings of FOCS 2003, pp. 394–403. IEEE Computer Society (2003)

  32. Lindell, Y., Lysyanskaya, A., Rabin, T.: On the composition of authenticated Byzantine agreement. In: 34th Annual ACM Symposium on Theory of Computing, Proceedings of STOC 2002, pp. 514–523. ACM Press (2002)

  33. Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) Advances in Cryptology, Proceedings of CRYPTO ’91, Lecture Notes in Computer Science, vol. 576, pp. 392–404. Springer, Heidelberg (1992). Abstract

  34. Misra, J., Chandy, M.: Proofs of networks of processes. IEEE Trans. Softw. Eng. 7(4), 417–426 (1981)

  35. Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, Proceedings of SSP 2001, pp. 184–200. IEEE Computer Society (2001)

  36. Prabhakaran, M., Sahai, A.: New notions of security: achieving universal composability without trusted setup. In: 36th Annual ACM Symposium on Theory of Computing, Proceedings of STOC 2004, pp. 242–251. ACM Press (2004)

  37. Yao, A.C.-C.: Theory and applications of trapdoor functions. In: 23rd Annual Symposium on Foundations of Computer Science, Proceedings of FOCS 1982, pp. 80–91. IEEE Computer Society (1982)

Author information

Correspondence to Michael Backes.

Additional information

A preliminary version of this paper appeared in Proc. of 11th European Symposium on Research in Computer Security (ESORICS) [2].

About this article

Cite this article

Backes, M., Dürmuth, M., Hofheinz, D. et al. Conditional reactive simulatability. Int. J. Inf. Secur. 7, 155–169 (2008). https://doi.org/10.1007/s10207-007-0046-6