On the Relationships between Notions of Simulation-Based Security

  • Authors:

  • Ralf Küsters;Anupam Datta;John C. Mitchell;Ajith Ramanathan

  • Affiliations:

  • University of Trier, Computer Science Department, FB IV, Campus II, 54286, Trier, Germany;Carnegie Mellon University, CyLab, Computer Science, Electrical and Computer Engineering, FB IV, Campus II, 15213, Pittsburgh, PA, USA;Stanford University, Computer Science Department, FB IV, Campus II, 94305-9045, Stanford, CA, USA;Stanford University, Computer Science Department, FB IV, Campus II, 94305-9045, Stanford, CA, USA

  • Venue:
  • Journal of Cryptology
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

Several compositional forms of simulation-based security have been proposed in the literature, including Universal Composability, Black-Box Simulatability, and variants thereof. These relations between a protocol and an ideal functionality are similar enough that they can be ordered from strongest to weakest according to the logical form of their definitions. However, determining whether two relations are in fact identical depends on some subtle features that have not been brought out in previous studies. We identify two main factors: the position of a “master process” in the distributed system and some limitations on transparent message forwarding within computational complexity bounds. Using a general computational framework, called Sequential Probabilistic Process Calculus (SPPC), we clarify the relationships between the simulation-based security conditions. Many of the proofs are carried out based on a small set of equivalence principles involving processes and distributed systems. These equivalences exhibit the essential properties needed to prove relationships between security notions and allow us to carry over our results to those computational models which satisfy these equivalences.