Results 1 to 5 of 5
Information-Theoretically Secure Protocols and Security Under Composition
 In the 38th STOC
, 2006
Abstract

Cited by 29 (5 self)
We investigate the question of whether security of protocols in the information-theoretic setting (where the adversary is computationally unbounded) implies the security of these protocols under concurrent composition. This question is motivated by the folklore that all known protocols that are secure in the information-theoretic setting are indeed secure under concurrent composition. We provide answers to this question for a number of different settings (i.e., considering perfect versus statistical security, and concurrent composition with adaptive versus fixed inputs). Our results enhance the understanding of what is necessary for obtaining security under composition, as well as providing tools (i.e., composition theorems) that can be used for proving the security of protocols under composition while considering only the standard stand-alone definitions of security.
Obfuscation for cryptographic purposes
 In TCC 2007, LNCS 4392
, 2007
Cited by 24 (0 self)
Universally composable quantum multiparty computation
 In Advances in Cryptology – Proc. EUROCRYPT 2010, LNCS
, 2010
On the necessity of rewinding in secure multiparty computation
 In Proceedings of the 4th conference on Theory of cryptography, TCC’07
, 2007
Abstract

Cited by 5 (0 self)
Abstract. We investigate whether security of multiparty computation in the information-theoretic setting implies its security under concurrent composition. We show that security in the stand-alone model proven using black-box simulators in the information-theoretic setting does not imply security under concurrent composition, not even security under 2-bounded concurrent self-composition with an inefficient simulator and fixed inputs. This in particular refutes recently made claims on the equivalence of security in the stand-alone model and concurrent composition for perfect and statistical security (STOC’06). Our result strongly relies on the question whether every rewinding simulator can be transformed into an equivalent, potentially inefficient non-rewinding (straight-line) simulator. We answer this question in the negative by giving a protocol that can be proven secure using a rewinding simulator, yet that is not secure for any non-rewinding simulator.
Polynomial Runtime and Composability
, 2007
Abstract

Cited by 1 (0 self)
In cryptographic protocols, protocol parties and adversaries should only be allowed to perform computationally feasible actions. This can be done by restricting these entities to polynomial-time complexity. However, even finding a good definition of polynomial-time complexity for protocols has proved to be a highly non-trivial problem. A good definition should have the following properties: 1. Completeness: the definition should allow one to formulate all protocol tasks which are “intuitively feasible.” 2. Soundness: the security notion resulting from this definition should reflect “intuitive security.” In particular, what the definition considers polynomial-time attacks should be precisely the “intuitively feasible” attacks. 3. Composability: the security notion resulting from this definition should allow for secure composition of protocols. 4. Simplicity: it should be easy to decide whether a protocol or attack is polynomial time. Since we strive for composability, we work in the protocol framework of universal composability (UC). This problem has been considered in a number of works, but no definition satisfying