In this paper, we therefore present universal and joint state composition theorems which do not assume pre-established SIDs. In our joint state composition theorem, the joint state is an ideal functionality which supports several cryptographic operations, including public-key encryption, (authenticated and unauthenticated) symmetric encryption, MACs, digital signatures, and key derivation. This functionality has recently been proposed by K{\"u}sters and Tuengerthal and has been shown to be realizable under standard cryptographic assumptions and for a reasonable class of environments. We demonstrate the usefulness of our composition theorems by several case studies on real-world security protocols, including IEEE 802.11i, SSL/TLS, SSH, IPsec, and EAP-PSK. While our applications focus on real-world security protocols, our theorems, models, and techniques should be useful beyond this domain.
Category / Keywords: cryptographic protocols / universal composition theorems, composition with joint state, real-world security protocols Date: received 28 Jul 2011, last revised 11 Aug 2011 Contact author: tuengerthal at uni-trier de Available format(s): PDF | BibTeX Citation Version: 20110811:145050 (All versions of this report) Short URL: ia.cr/2011/406 Discussion forum: Show discussion | Start new discussion