Paper 2000/067

A unified framework for analyzing security of protocols

Ran Canetti

Abstract

Building on known definitions, we present a unified general framework for defining and analyzing security of cryptographic protocols. The framework allows specifying the security requirements of a large number of cryptographic tasks, such as signature, encryption, authentication, key exchange, commitment, oblivious transfer, zero-knowledge, secret sharing, general function evaluation, and more. Furthermore, within this framework security of protocols is preserved under general composition with any other set of protocols that may be running {\em concurrently} in the same system. This holds in a number of standard models of computation, including the challenging setting of asynchronous networks where the communication is public and security holds only for computationally bounded adversaries. Indeed, the proposed framework allows for modular design and analysis of complex protocols from relatively simple building blocks. Moreover, secure protocols are guaranteed to maintain their functionality within any application, even when an unbounded number of protocols are running concurrently in an adversarially controlled manner. Definitions of security in this framework are often more stringent than other definitions. Nonetheless, we show that in many cases they are satisfied by known protocols. (In fact, practically {\em any cryptographic task} can be realized in the synchronous version of the above setting, as long as only a minority of the participants are corrupted.) In other cases satisfying the definitions is left open.