Cryptology ePrint Archive: Report 2000/067

Universally Composable Security: A New Paradigm for Cryptographic Protocols

Ran Canetti

Abstract: We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is maintained under a general protocol composition operation, called universal composition. The proposed framework with its security-preserving composition property allow for modular design and analysis of complex cryptographic protocols from relatively simple building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security within any context, even in the presence of an unbounded number of arbitrary protocol instances that run concurrently in an adversarially controlled manner. This is a useful guarantee, that allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.

Category / Keywords: foundations / cryptographic protocols, security analysis of protocols, concurrent composition.

Publication Info: Extended Abstract appeared in proceedings of the 42nd Symposium on Foundations of Computer Science (FOCS), 2001.

Date: received 22 Dec 2000, last revised 16 Jul 2013

Contact author: canetti at tau ac il

Available format(s): PDF | BibTeX Citation

Note: This is an updated version. While the overall spirit and the structure of the definitions and results in this paper has remained the same, many important details have changed. We point out and motivate the main differences as we go along. Earlier versions of this work appeared in January 2005 and October 2001, under the same title, and in December 2000 under the title "A unified framework for analyzing security of protocols". These earlier versions can be found at the ECCC archive, TR 01-16 (http://eccc.uni-trier.de/eccc-reports/2001/TR01-016); however they are not needed for understanding this work and have only historic significance.

Version: 20130717:020004 (All versions of this report)

Short URL: ia.cr/2000/067