A message recognition protocol (MRP) aims to exchange authenticated information over an insecure channel. During the initialization session of the protocol, the parties exchange some authenticated information which the adversary can passively observe. Then, one party wants to send authenticated messages to the other party over an insecure channel. Such security requirements are often found in wireless sensor networks. A perennial MRP is one that is able to recover from adversarial interference, no matter how long the adversary has been active before it stops. MRPs based on hash chains are not perennial: once the length of the hash chain has been fixed in the initialization phase, authentic communication is no longer possible if the adversary interferes until all elements of the hash chain have been consumed. Perennial MRPs can be trivially built from public-key primitives. In this paper we present very strong evidence that they cannot be constructed from "cheap" primitives. Namely, we show that, in the symbolic model of cryptography, perennial MRPs cannot be built using just hash functions and XORing. The result also covers other symmetric primitives, e.g. encryption. The result explains why all previous attempts to construct perennial MRPs from those primitives have failed. The result also has interesting implications regarding authentication protocols in general, and the gap between formal and computational models of cryptography.
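The hash-chain limitation described in the abstract, as an added Python sketch (not code from the paper or from any published MRP). It assumes a simplified one-way commit-then-reveal scheme, constructed for illustration, in which the sender has no authenticated acknowledgement and therefore spends one chain element per round whether or not the receiver hears it; the class names, seed and messages are hypothetical.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Sender:
    def __init__(self, seed: bytes, n: int):
        self.chain = [seed]                 # chain[i] = H(chain[i-1])
        for _ in range(n):
            self.chain.append(H(self.chain[-1]))
        self.idx = n                        # chain[n] is the anchor given out at initialization

    def round(self, msg: bytes):
        """Return (commit, key) for one round, or None once the chain is used up."""
        if self.idx == 0:
            return None
        self.idx -= 1                       # the key is spent even if nobody receives it
        key = self.chain[self.idx]
        return (msg, mac(key, msg)), key

class Receiver:
    def __init__(self, anchor: bytes, n: int):
        self.anchor, self.left = anchor, n

    def accept(self, commit, key) -> bool:
        # Assumption: the commit was received before the key was revealed on the channel.
        (msg, tag), v = commit, key
        for used in range(1, self.left + 1):    # catch up over rounds that were suppressed
            v = H(v)
            if hmac.compare_digest(v, self.anchor):
                ok = hmac.compare_digest(tag, mac(key, msg))
                if ok:
                    self.anchor, self.left = key, self.left - used
                return ok
        return False

def run(n: int, jammed_rounds: int, total_rounds: int) -> list:
    """Suppress the first jammed_rounds rounds; return per-round delivery success."""
    s = Sender(b"constructed-seed", n)
    r = Receiver(s.chain[-1], n)
    out = []
    for i in range(total_rounds):
        rnd = s.round(b"reading %d" % i)
        delivered = rnd is not None and i >= jammed_rounds
        out.append(r.accept(*rnd) if delivered else False)
    return out
```

With a chain of length 5, `run(5, 3, 7)` recovers for the two remaining elements and then stops, while `run(5, 5, 7)` never delivers anything: interference that outlasts the chain fixed at initialization leaves no way back.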