Paper 2006/465

Security and Composition of Cryptographic Protocols: A Tutorial

Ran Canetti

Abstract

What does it mean for a cryptographic protocol to be "secure"? Capturing the security requirements of cryptographic tasks in a meaningful way is a slippery business: On the one hand, we want security criteria that prevent "all feasible attacks" against a protocol. On the other hand, we want our criteria to not be overly restrictive; that is, we want them to accept those protocols that do not succumb to "feasible attacks". This tutorial studies a general methodology for defining security of cryptographic protocols. The methodology, often dubbed the "trusted party paradigm", allows for defining the security requirements of practically any cryptographic task in a unified and natural way. We first review a basic formulation that captures security in isolation from other protocol instances. Next we address the secure composition problem, namely the vulnerabilities resulting from the often unexpected interactions among different protocol instances that run alongside each other in the same system. We demonstrate the limitations of the basic formulation and review a formulation that guarantees security of protocols even in general composite systems.

Metadata
Available format(s)
PS
Category
Cryptographic protocols
Publication info
Published elsewhere. This is an updated version of a two-part contribution to the Distributed Computing column of SIGACT News, Vol. 37, Nos. 3 and 4, 2006.
Keywords
notions of securitysecure composition
Contact author(s)
canetti @ csail mit edu
History
2006-12-18: last of 2 revisions
2006-12-08: received
See all versions
Short URL
https://ia.cr/2006/465
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/465,
      author = {Ran Canetti},
      title = {Security and Composition of Cryptographic Protocols: A Tutorial},
      howpublished = {Cryptology ePrint Archive, Paper 2006/465},
      year = {2006},
      note = {\url{https://eprint.iacr.org/2006/465}},
      url = {https://eprint.iacr.org/2006/465}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.