How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
How to withstand mobile virus attacks (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
A semantics for a logic of authentication (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
Bisimulation through probabilistic testing
Information and Computation
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Composition and behaviors of probabilistic I/O automata
Theoretical Computer Science
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
A probabilistic poly-time framework for protocol analysis
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
A calculus for cryptographic protocols
Information and Computation
Composition and integrity preservation of secure reactive systems
Proceedings of the 7th ACM conference on Computer and communications security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Universally composable two-party and multi-party secure computation
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
On the composition of authenticated byzantine agreement
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Distributed Algorithms
Probabilistic simulations for probabilistic processes
Nordic Journal of Computing
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Cryptographically Sound and Machine-Assisted Verification of Security Protocols
STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
Fair Computation of General Functions in Presence of Immoral Majority
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
How To Break and Repair A "Provably Secure" Untraceable Payment System
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Universally Composable Notions of Key Exchange and Secure Channels
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
FME '02 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods - Getting IT Right
I/O Automaton Models and Proofs for Shared-Key Communication Systems
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
A Linguistic Characterization of Bounded Oracle Computation and Probabilistic Polynomial Time
FOCS '98 Proceedings of the 39th Annual Symposium on Foundations of Computer Science
Intransitive Non-Interference for Cryptographic Purposes
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
General Composition and Universal Composability in Secure Multi-Party Computation
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Logics for Reasoning about Cryptographic Constructions
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
A composable cryptographic library with nested operations
Proceedings of the 10th ACM conference on Computer and communications security
New notions of security: achieving universal composability without trusted setup
STOC '04 Proceedings of the thirty-sixth annual ACM symposium on Theory of computing
Symmetric Encryption in a Simulatable Dolev-Yao Style Cryptographic Library
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Universally Composable Signature, Certification, and Authentication
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A Cryptographically Sound Dolev-Yao Style Security Proof of an Electronic Payment System
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Polynomial Runtime in Simulatability Definitions
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Relating Symbolic and Cryptographic Secrecy
IEEE Transactions on Dependable and Secure Computing
Reactively secure signature schemes
International Journal of Information Security - Special issue on SC 2003
FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
On fairness in simulatability-based cryptographic systems
Proceedings of the 2005 ACM workshop on Formal methods in security engineering
A Computationally Sound Mechanized Prover for Security Protocols
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Simulatable Security and Polynomially Bounded Concurrent Composability
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Cryptographically Sound Theorem Proving
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Simulation-Based Security with Inexhaustible Interactive Turing Machines
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Computationally sound secrecy proofs by mechanized flow analysis
Proceedings of the 13th ACM conference on Computer and communications security
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Journal of Computer Security - Special issue on CSFW15
Verifiable secret sharing as secure computation
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
How to break a practical MIX and design a new one
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Probabilistic polynomial-time semantics for a protocol security logic
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Time-bounded task-PIOAs: a framework for analyzing security protocols
DISC'06 Proceedings of the 20th international conference on Distributed Computing
Comparing two notions of simulatability
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
On the relationships between notions of simulation-based security
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Limits of the cryptographic realization of dolev-yao-style XOR
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
On the notion of statistical security in simulatability definitions
ISC'05 Proceedings of the 8th international conference on Information Security
Cryptographically sound security proofs for basic and public-key kerberos
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Conditional reactive simulatability
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Games and the impossibility of realizable ideal functionality
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Universally composable symbolic analysis of mutual authentication and key-exchange protocols
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Analyzing encryption protocols using formal verification techniques
IEEE Journal on Selected Areas in Communications
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Computational soundness of observational equivalence
Proceedings of the 15th ACM conference on Computer and communications security
CoSP: a general framework for computational soundness proofs
Proceedings of the 16th ACM conference on Computer and communications security
On simulatability soundness and mapping soundness of symbolic cryptography
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Computationally sound verification of source code
Proceedings of the 17th ACM conference on Computer and communications security
Computational soundness of symbolic zero-knowledge proofs
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Indifferentiable security reconsidered: role of scheduling
ISC'10 Proceedings of the 13th international conference on Information security
A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems
Journal of Automated Reasoning
Distributed temporal logic for the analysis of security protocol models
Theoretical Computer Science
Composable security analysis of OS services
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Composability of bellare-rogaway key exchange protocols
Proceedings of the 18th ACM conference on Computer and communications security
Modular code-based cryptographic verification
Proceedings of the 18th ACM conference on Computer and communications security
Formal Verification of Differential Privacy for Interactive Systems (Extended Abstract)
Electronic Notes in Theoretical Computer Science (ENTCS)
Structure preserving CCA secure encryption and applications
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
A framework for practical universally composable zero-knowledge protocols
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Confidentiality and integrity: a constructive perspective
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Towards unconditional soundness: computationally complete symbolic attacker
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Computational soundness of indistinguishability properties without computable parsing
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Universally composable synchronous computation
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Computationally complete symbolic attacker and key exchange
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
We define reactive simulatability for general asynchronous systems. Roughly, simulatability means that a real system implements an ideal system (specification) in a way that preserves security in a general cryptographic sense. Reactive means that the system can interact with its users multiple times, e.g., in many concurrent protocol runs or a multi-round game. In terms of distributed systems, reactive simulatability is a type of refinement that preserves particularly strong properties, in particular confidentiality. A core feature of reactive simulatability is composability, i.e., the real system can be plugged in instead of the ideal system within arbitrary larger systems; this is shown in follow-up papers, and so is the preservation of many classes of individual security properties from the ideal to the real systems. A large part of this paper defines a suitable system model. It is based on probabilistic IO automata (PIOA) with two main new features: One is generic distributed scheduling. Important special cases are realistic adversarial scheduling, procedure-call-type scheduling among colocated system parts, and special schedulers such as for fairness, also in combinations. The other is the definition of the reactive runtime via a realization by Turing machines such that notions like polynomial-time are composable. The simple complexity of the transition functions of the automata is not composable. As specializations of this model we define security-specific concepts, in particular a separation between honest users and adversaries and several trust models. The benefit of IO automata as the main model, instead of only interactive Turing machines as usual in cryptographic multi-party computation, is that many cryptographic systems can be specified with an ideal system consisting of only one simple, deterministic IO automaton without any cryptographic objects, as many follow-up papers show. This enables the use of classic formal methods and automatic proof tools for proving larger distributed protocols and systems that use these cryptographic systems.