For many cryptographic protocols, security relies on the assumption that adversarial entities have limited computational power. This type of security degrades progressively over the lifetime of a protocol. However, some cryptographic services, such as timestamping services or digital archives, are long-lived in nature; they are expected to be secure and operational for a very long time (i.e., super-polynomial). In such cases, security cannot be guaranteed in the traditional sense: a computationally secure protocol may become insecure if the attacker has a super-polynomial number of interactions with the protocol.

This paper proposes a new paradigm for the analysis of long-lived security protocols. We allow entities to be active for a potentially unbounded amount of real time, provided they perform only a polynomial amount of work per unit of real time. Moreover, the space used by these entities is allocated dynamically and must be polynomially bounded. We propose a new notion of long-term implementation, which is an adaptation of computational indistinguishability to the long-lived setting. We show that long-term implementation is preserved under polynomial parallel composition and exponential sequential composition. We illustrate the use of this new paradigm by analyzing some security properties of the long-lived timestamping protocol of Haber and Kamat.