Paper 2006/132
Conditional Reactive Simulatability
Michael Backes, Markus Duermuth, Dennis Hofheinz, and Ralf Kuesters
Abstract
Simulatability has established itself as a salient notion for defining and proving the security of cryptographic protocols since it entails strong security and compositionality guarantees, which are achieved by universally quantifying over all environmental behaviors of the analyzed protocol. As a consequence, however, protocols that are secure except for certain environmental behaviors are not simulatable, even if these behaviors are efficiently identifiable and thus can be prevented by the surrounding protocol. We propose a relaxation of simulatability by conditioning the permitted environmental behaviors, i.e., simulation is only required for environmental behaviors that fulfill explicitly stated constraints. This yields a more fine-grained security definition that is achievable i) for several protocols for which unconditional simulatability is too strict a notion or ii) at lower cost for the underlying cryptographic primitives. Although imposing restrictions on the environment destroys unconditional composability in general, we show that the composition of a large class of conditionally simulatable protocols yields protocols that are again simulatable under suitable conditions. This even holds for the case of cyclic assume-guarantee conditions where protocols only guarantee suitable behavior if they themselves are offered certain guarantees. Furthermore, composing several commonly investigated protocol classes with conditionally simulatable subprotocols yields protocols that are again simulatable in the standard, unconditional sense.
Note: Added PDF Version
Metadata
- Available format(s)
- Category
- Foundations
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- SimulatabilityUniversal ComposabilityImpossibility resultsSoundness
- Contact author(s)
- backes @ cs uni-sb de
- History
- 2007-05-01: revised
- 2006-04-03: received
- See all versions
- Short URL
- https://ia.cr/2006/132
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2006/132, author = {Michael Backes and Markus Duermuth and Dennis Hofheinz and Ralf Kuesters}, title = {Conditional Reactive Simulatability}, howpublished = {Cryptology {ePrint} Archive, Paper 2006/132}, year = {2006}, url = {https://eprint.iacr.org/2006/132} }