Abstract. Several related research efforts have led to three different ways of specifying protocol security properties by simulation or equivalence. Abstracting the specification conditions away from the computational frameworks in which they have been previously applied, we show ...
Several compositional forms of simulation-based security have been proposed in the literature, including universal composability, black-box simulatability, and variants thereof. These relations between a protocol and an ideal functionality are similar enough that they can be ordered from strongest to weakest according to the logical form of their definitions. However, determining whether two relations are in fact identical depends on some subtle features that have not been brought out in previous studies. We identify the position of a “master process” in the distributed system, and some limitations on transparent message forwarding within computational complexity bounds, as two main factors. Using a general computational framework, we clarify the relationships between the simulation-based security conditions.
Several compositional forms of simulation-based security have been proposed in the literature, including Universal Composability, Black-Box Simulatability, and variants thereof. These relations between a protocol and an ideal functionality are similar enough that they can be ordered from strongest to weakest according to the logical form of their definitions. However, determining whether two relations are in fact identical depends on some subtle features that have not been brought out in previous studies. We identify two main factors: the position of a “master process” in the distributed system and some limitations on transparent message forwarding within computational complexity bounds. Using a general computational framework, called Sequential Probabilistic Process Calculus (SPPC), we clarify the relationships between the simulation-based security conditions. Many of the proofs are carried out based on a small set of equivalence principles involving processes and distributed systems. These equivalences exhibit the essential properties needed to prove relationships between security notions and allow us to carry over our results to those computational models which satisfy these equivalences.
Abstract Several compositional forms of simulation-based security have been proposed in the literature, including universal composability, black-box simulatability, and variants thereof. These relations between protocols and ideal functionalities are similar enough ...
We develop a general method for proving properties of contract-signing protocols using a specialized protocol logic. The method is applied to the Asokan–Shoup–Waidner and the Garay–Jacobson–MacKenzie protocols. Our method offers certain advantages over previous analysis techniques. First, it is compositional: the security guarantees are proved by combining the independent proofs for the three subprotocols of each protocol. Second, the formal proofs are carried out in a “template” form, which gives us a reusable proof that may be instantiated for the two example protocols, as well as for other protocols with the same arrangement of messages. Third, the proofs follow the design intuition. In particular, in proving game-theoretic properties like fairness, we demonstrate success for the specific strategy that the protocol designer had in mind, instead of non-constructively proving that a strategy exists. Finally, our logical proofs demonstrate security when an unbounded number of sessions are executed in parallel.