Paper 2014/432
Composable Authentication with Global PKI
Ran Canetti and Daniel Shahaf and Margarita Vald
Abstract
Message authentication is one of the most basic tasks of cryptography, and authentication based on public-key infrastructure (PKI) is one of the most prevalent methods for message and entity authentication. Still, the state of the art in composable security analysis of PKI-based authentication is somewhat unsatisfactory. Specifically, existing treatments either (a) make the unrealistic assumption that the PKI is accessible only within the confines of the authentication protocol itself, thus failing to capture real-world PKI-based authentication, or (b) impose often-unnecessary requirements, such as strong on-line non-transferability, on candidate protocols, thus ruling out natural candidates. We give a modular and composable analytical framework for PKI-based message authentication protocols. This framework guarantees security even when the PKI is pre-existing and globally available, without being unnecessarily restrictive. Specifically, we model PKI as a global set-up functionality within the Global UC security model [Canetti et al., TCC 2007] and relax the ideal authentication functionality accordingly. We then demonstrate the security of a simple signature-based authentication protocol. Our modeling makes minimal security assumptions on the PKI in use; in particular, "knowledge of the secret key" is not guaranteed or verified. To enable our treatment, we formulate two new composition theorems.
Metadata
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- public-key infrastructure, message authentication, digital signatures, deniability, non-transferability, universal composability
- Contact author(s)
- margarita vald @ cs tau ac il
- History
- 2014-10-09: revised
- 2014-06-12: received
- Short URL
- https://ia.cr/2014/432
- License
- CC BY