skip to main content
article

Security and composition of cryptographic protocols: a tutorial (part I)

Published: 01 September 2006 Publication History

Abstract

What does it mean for a cryptographic protocol to be "secure"? Capturing the security requirements of cryptographic tasks in a meaningful way is a slippery business: On the one hand, we want security criteria that prevent "all potential attacks" against a protocol; on the other hand, we want our criteria not to be overly restrictive and accept "reasonable protocols". One of the main reasons for flaws is the often unexpected interactions among different protocol instances that run alongside each other in a composite system.This tutorial studies a general methodology for defining security of cryptographic protocols. The methodology, often dubbed the "trusted party paradigm", allows for defining the security requirements of a large variety of cryptographic tasks in a unified and natural way. We first review more basic formulations that capture security in isolation from other protocol instances. Next we address the security problems associated with protocol composition, and review formulations that guarantee security even in composite systems.

References

[1]
{BPW04} M. Backes, B. Pfitzmann, and M. Waidner. Secure Asynchronous Reactive Systems. Eprint archive, http://eprint.iacr.org/2004/082, March 2004.
[2]
{B+05} B. Barak, R. Canetti, Y. Lindell, R. Pass and T. Rabin. Secure Computation Without Authentication. In Crypto'05, 2005.
[3]
{B91} D. Beaver. Secure Multi-party Protocols and Zero-Knowledge Proof Systems Tolerating a Faulty Minority. J. Cryptology, (1991) 4: 75--122.
[4]
{BCG93} M. Ben-Or, R. Canetti and O. Goldreich. Asynchronous Secure Computations. 25th Symposium on Theory of Computing (STOC), ACM, 1993, pp. 52--61.
[5]
{BGW88} M. Ben-Or, S. Goldwasser and A. Wigderson. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation. 20th Symposium on Theory of Computing (STOC), ACM, 1988, pp. 1--10.
[6]
{B82} M. Blum. Coin flipping by telephone. IEEE Spring COMPCOM, pp. 133--137, Feb. 1982.
[7]
{BCC88} G. Brassard, D. Chaum and C. Crépeau. Minimum Disclosure Proofs of Knowledge. JCSS, Vol. 37, No. 2, pages 156--189, 1988.
[8]
{C00} R. Canetti. Security and composition of multi-party cryptographic protocols. Journal of Cryptology, Vol. 13, No. 1, winter 2000.
[9]
{C01} R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. (Earlier version of the present work.) Available at http://eccc.uni-trier.de/eccc-reports/2001/TR01-016/revision01.ps. Extended abstract in 42nd FOCS, 2001.
[10]
{C+06} R. Canetti, L. Cheung, D. Kaynar, M. Liskov, N. Lynch, O. Pereira, and R. Segala. Task-Structured Probabilistic I/O Automata. In Workshop on discrete event systems (WODES), 2006.
[11]
{CF01} R. Canetti and M. Fischlin. Universally Composable Commitments. Crypto '01, 2001.
[12]
{CLOS02} R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai. Universally composable two-party and multi-party secure computation. 34th STOC, pp. 494--503, 2002.
[13]
{CGKS95} B. Chor, O. Goldreich, E. Kushilevitz, M. Sudan. Private Information Retrieval. 36th FOCS, 1995, pp. 41--50.
[14]
{DM00} Y. Dodis and S. Micali. Secure Computation. CRYPTO '00, 2000.
[15]
{G01} O. Goldreich. Foundations of Cryptography. Cambridge Press, Vol 1 (2001) and Vol 2 (2004). NP.
[16]
{GMW87} O. Goldreich, S. Micali and A. Wigderson. How to Play any Mental Game. 19th Symposium on Theory of Computing (STOC), ACM, 1987, pp. 218--229.
[17]
{GL90} S. Goldwasser, and L. Levin. Fair Computation of General Functions in Presence of Immoral Majority. CRYPTO '90, LNCS 537, 1990.
[18]
{GM84} S. Goldwasser and S. Micali. Probabilistic encryption. JCSS, Vol. 28, No 2, April 1984, pp. 270--299.
[19]
{GMRa89} S. Goldwasser, S. Micali and C. Rackoff. The Knowledge Complexity of Interactive Proof Systems. SIAM Journal on Comput., Vol. 18, No. 1, 1989, pp. 186--208.
[20]
{HM00} M. Hirt and U. Maurer. Complete characterization of adversaries tolerable in secure multi-party computation. Journal of Cryptology, Vol 13, No. 1, 2000, pp. 31--60. Preliminary version in 16th Symp. on Principles of Distributed Computing (PODC), ACM, 1997, pp. 25--34.
[21]
{H85} C. A. R. Hoare. Communicating Sequential Processes. International Series in Computer Science, Prentice Hall, 1985.
[22]
{LMMS98} P. Lincoln, J. Mitchell, M. Mitchell, A. Scedrov. A Probabilistic Poly-time Framework for Protocol Analysis. 5th ACM Conf. on Computer and Communication Security, 1998, pp. 112--121.
[23]
{LY96} N. Lynch. Distributed Algorithms. Morgan Kaufman, San Francisco, 1996.
[24]
{LSV03} N. Lynch, R. Segala and F. Vaandrager. Compositionality for Probabilistic Automata. 14th CONCUR, LNCS vol. 2761, pages 208--221, 2003. Fuller version appears in MIT Technical Report MITLCS-TR-907.
[25]
{MMS03} P. Mateus, J. C. Mitchell and A. Scedrov. Composition of Cryptographic Protocols in a Probabilistic Polynomial-Time Process Calculus. CONCUR, pp. 323--345, 2003.
[26]
{MR91} S. Micali and P. Rogaway. Secure Computation. unpublished manuscript, 1992. Preliminary version in CRYPTO '91. LNCS 576, 1991.
[27]
{M89} R. Milner. Communication and Concurrency. Prentice Hall, 1989.
[28]
{M99} R. Milner. Communicating and Mobile Systems: the Pi-Calculus. Cambridge University Press, 1999.
[29]
{MRST01} J. Mitchell, A. Ramanathan, A. Scedrov, V. Teague. A probabilistic polynomial-time calculus for analysis of cryptographic protocols (Preliminary report). 17-th Annual Conference on the Mathematical Foundations of Programming Semantics, Arhus, Denmark, May, 2001, ENTCS Vol. 45 (2001).
[30]
{PW94} B. Pfitzmann and M. Waidner. A general framework for formal notions of secure systems. Hildesheimer Informatik-Berichte 11/94, Universitat Hildesheim, 1994. Available at http://www.semper.org/sirene/lit.
[31]
{PW00} B. Pfitzmann and M. Waidner. Composition and integrity preservation of secure reactive systems. 7th ACM Conf. on Computer and Communication Security, 2000, pp. 245--254.
[32]
{PW01} B. Pfitzmann and M. Waidner. A model for asynchronous reactive systems and its application to secure message transmission. IEEE Symposium on Security and Privacy, May 2001. Preliminary version in http://eprint.iacr.org/2000/066 and IBM Research Report RZ 3304 (#93350), IBM Research, Zurich, December 2000.
[33]
{RB89} T. Rabin and M. Ben-Or. Verifiable Secret Sharing and Multi-party Protocols with Honest Majority. 21st Symposium on Theory of Computing (STOC), ACM, 1989, pp. 73--85.
[34]
{Y82A} A. Yao. Protocols for Secure Computation. In Proc. 23rd Annual Symp. on Foundations of Computer Science (FOCS), pages 160--164. IEEE, 1982.
[35]
{Y86} A. Yao, How to generate and exchange secrets, In Proc. 27th Annual Symp. on Foundations of Computer Science (FOCS), pages 162--167. IEEE, 1986.

Cited By

View all
  • (2025)A survey on Cryptoagility and Agile Practices in the light of quantum resistanceInformation and Software Technology10.1016/j.infsof.2024.107604178(107604)Online publication date: Mar-2025
  • (2024)Blockchain and Smart Contracts for Digital Copyright ProtectionFuture Internet10.3390/fi1605016916:5(169)Online publication date: 14-May-2024
  • (2022)OpenPGP Email Forwarding via Diverted Elliptic Curve Diffie-Hellman Key ExchangesProceedings of the Seventh International Conference on Mathematics and Computing10.1007/978-981-16-6890-6_12(153-170)Online publication date: 6-Mar-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM SIGACT News
ACM SIGACT News  Volume 37, Issue 3
September 2006
93 pages
ISSN:0163-5700
DOI:10.1145/1165555
Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 September 2006
Published in SIGACT Volume 37, Issue 3

Check for updates

Qualifiers

  • Article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)91
  • Downloads (Last 6 weeks)6
Reflects downloads up to 26 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2025)A survey on Cryptoagility and Agile Practices in the light of quantum resistanceInformation and Software Technology10.1016/j.infsof.2024.107604178(107604)Online publication date: Mar-2025
  • (2024)Blockchain and Smart Contracts for Digital Copyright ProtectionFuture Internet10.3390/fi1605016916:5(169)Online publication date: 14-May-2024
  • (2022)OpenPGP Email Forwarding via Diverted Elliptic Curve Diffie-Hellman Key ExchangesProceedings of the Seventh International Conference on Mathematics and Computing10.1007/978-981-16-6890-6_12(153-170)Online publication date: 6-Mar-2022
  • (2021)Blockchain and Cloud to Overcome the Problems of Buyer and Seller Watermarking ProtocolsApplied Sciences10.3390/app11241202811:24(12028)Online publication date: 17-Dec-2021
  • (2020)A Watermarking Protocol Based on BlockchainApplied Sciences10.3390/app1021774610:21(7746)Online publication date: 2-Nov-2020
  • (2020)Universally Composable SecurityJournal of the ACM10.1145/340245767:5(1-94)Online publication date: 16-Sep-2020
  • (2020)Privacy-Preserving Collaborative Deep Learning Using Verifiable Multi-Secret Sharing Scheme2020 3rd International Conference on Mechanical, Electronics, Computer, and Industrial Technology (MECnIT)10.1109/MECnIT48290.2020.9166650(296-301)Online publication date: Jun-2020
  • (2020)Modeling Cryptographic Protocols Using Computer Algebra Systems2020 V International Conference on Information Technologies in Engineering Education ( Inforino )10.1109/Inforino48376.2020.9111832(1-4)Online publication date: Apr-2020
  • (2020)Efficient Constructions for Almost-Everywhere Secure ComputationAdvances in Cryptology – EUROCRYPT 202010.1007/978-3-030-45724-2_6(159-183)Online publication date: 10-May-2020
  • (2019)The Case of Adversarial Inputs for Secure Similarity Approximation Protocols2019 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP.2019.00027(247-262)Online publication date: Jun-2019
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media