In this work, relations between the security notions standard simulatability and universal simulatability for cryptographic protocols are investigated. A simulatability-based notion of security considers a protocol π as secure as an idealization τ of the protocol task, if and only if every attack on π can be simulated by an attack on τ. Two formalizations, which both provide secure composition of protocols, are common: standard simulatability means that for every π-attack and protocol user H, there is a τ-attack, such that H cannot distinguish π from τ. Universal simulatability means that for every π-attack, there is a τ-attack, such that no protocol user H can distinguish π from τ. Trivially, universal simulatability implies standard simulatability. We show: the converse is true with respect to perfect security, but not with respect to computational or statistical security. Besides, we give a formal definition of a time-lock puzzle, which may be of independent interest. Although the described results do not depend on any computational assumption, we show that the existence of a time-lock puzzle gives an even stronger separation of standard and universal simulatability with respect to computational security.