We give evidence that the reason for the non-composability of statistical security is no artifact of the framework itself, but of the particular formulation of statistical security. Therefore, we give a modified notion of statistical security in the reactive simulatability framework. We prove that this notion allows for secure composition of protocols.
As to the best of our knowledge, no formal definition of statistical security has been fixed for Canetti's universal composability framework, we believe that our observations and results can also help to avoid potential pitfalls there.
Category / Keywords: cryptographic protocols / Reactive simulatability, universal composability, statistical security, protocol composition Date: received 7 Feb 2005 Contact author: unruh at ira uka de Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Version: 20050210:031523 (All versions of this report) Short URL: ia.cr/2005/032 Discussion forum: Show discussion | Start new discussion