Cryptology ePrint Archive: Report 2000/067
Universally Composable Security: A New Paradigm for Cryptographic Protocols
Ran Canetti
Abstract: We present a general framework for representing cryptographic protocols and analyzing their security. The framework
allows specifying the security requirements of practically any
cryptographic task in a unified and systematic way.
Furthermore, in this framework the security of protocols
is maintained under a general protocol composition operation, called
universal composition.
The proposed framework with its security-preserving composition property allow for modular design and analysis of complex cryptographic protocols from relatively simple building blocks.
Moreover, within this framework, protocols are guaranteed to maintain their security within any context, even in the presence of an unbounded number of arbitrary protocol instances that run concurrently in an adversarially controlled manner.
This is a useful guarantee, that allows arguing about the security of
cryptographic protocols in complex and unpredictable environments such
as modern communication networks.
Category / Keywords: foundations / cryptographic protocols, security analysis of protocols, concurrent composition.
Publication Info: Extended Abstract appeared in proceedings of the 42nd Symposium on Foundations of Computer Science (FOCS), 2001.
Date: received 22 Dec 2000, last revised 16 Jul 2013
Contact author: canetti at tau ac il
Available format(s): PDF | BibTeX Citation
Note: This is an updated version. While the overall spirit and the structure of the definitions and results in this paper has remained the same, many important details have changed. We point out and motivate
the main differences as we go along. Earlier versions of this work appeared in January 2005 and October 2001, under the same title,
and in December 2000 under
the title "A unified framework for analyzing security of protocols".
These earlier versions can be found at the ECCC archive, TR 01-16
(http://eccc.uni-trier.de/eccc-reports/2001/TR01-016); however
they are not needed for understanding this work and have only historic
significance.
Version: 20130717:020004 (All versions of this report)
Short URL: ia.cr/2000/067
[ Cryptology ePrint archive ]