Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Universally Composable Notions of Key Exchange and Secure Channels
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
TCS '00 Proceedings of the International Conference IFIP on Theoretical Computer Science, Exploring New Frontiers of Theoretical Informatics
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Simulation-Based Security with Inexhaustible Interactive Turing Machines
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Computationally Sound Compositional Logic for Key Exchange Protocols
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
The reactive simulatability (RSIM) framework for asynchronous systems
Information and Computation
Pseudorandom function tribe ensembles based on one-way permutations: improvements and applications
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Security analysis of the extended access control protocol for machine readable travel documents
ISC'10 Proceedings of the 13th international conference on Information security
Composition theorems without pre-established session identifiers
Proceedings of the 18th ACM conference on Computer and communications security
Probabilistic polynomial-time semantics for a protocol security logic
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
| Hi-index | 0.00 |
In this paper we examine composability properties for the fundamental task of key exchange. Roughly speaking, we show that key exchange protocols secure in the prevalent model of Bellare and Rogaway can be composed with arbitrary protocols that require symmetrically distributed keys. This composition theorem holds if the key exchange protocol satisfies an additional technical requirement that our analysis brings to light: it should be possible to determine which sessions derive equal keys given only the publicly available information. What distinguishes our results from virtually all existing work is that we do not rely, neither directly nor indirectly, on the simulation paradigm. Instead, our security notions and composition theorems exclusively use a game-based formalism.We thus avoid several undesirable consequences of simulation-based security notions and support applicability to a broader class of protocols. In particular, we offer an abstract formalization of game-based security that should be of independent interest in other investigations using game-based formalisms.