Results 1 
5 of
5
Universally composable security: A new paradigm for cryptographic protocols
, 2013
"... We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved ..."
Abstract

Cited by 842 (43 self)
 Add to MetaCart
(Show Context)
We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general protocol composition operation, called universal composition. The proposed framework with its securitypreserving composition operation allows for modular design and analysis of complex cryptographic protocols from relatively simple building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol instances that run concurrently in an adversarially controlled manner. This is a useful guarantee, that allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.
Cryptography in NC0
, 2006
"... We study the parallel timecomplexity of basic cryptographic primitives such as oneway functions (OWFs) and pseudorandom generators (PRGs). Specifically, we study the possibility of implementing instances of these primitives by NC 0 functions, namely by functions in which each output bit depends on ..."
Abstract

Cited by 47 (11 self)
 Add to MetaCart
We study the parallel timecomplexity of basic cryptographic primitives such as oneway functions (OWFs) and pseudorandom generators (PRGs). Specifically, we study the possibility of implementing instances of these primitives by NC 0 functions, namely by functions in which each output bit depends on a constant number of input bits. Despite previous efforts in this direction, there has been no convincing theoretical evidence supporting this possibility, which was posed as an open question in several previous works. We essentially settle this question by providing strong positive evidence for the possibility of cryptography in NC 0. Our main result is that every “moderately easy ” OWF (resp., PRG), say computable in NC 1, can be compiled into a corresponding OWF (resp., “lowstretch ” PRG) in which each output bit depends on at most 4 input bits. The existence of OWF and PRG in NC 1 is a relatively mild assumption, implied by most numbertheoretic or algebraic intractability assumptions commonly used in cryptography. A similar compiler can also be obtained for other cryptographic primitives such as oneway permutations, encryption, signatures, commitment, and collisionresistant hashing. Our techniques can also be applied to obtain (unconditional) constructions of “noncryptographic ” PRGs. In particular, we obtain ɛbiased generators and a PRG for spacebounded computation in which each output bit depends on only 3 input bits. Our results make use of the machinery of randomizing polynomials (Ishai and Kushilevitz, 41st FOCS, 2000), which was originally motivated by questions in the domain of informationtheoretic secure multiparty computation. 1
Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol
"... Abstract. We analyze the security of the TLS Record Protocol, a MACthenEncodethenEncrypt (MEE) scheme whose design targets confidentiality and integrity for application layer communications on the Internet. Our main results are twofold. First, we give a new distinguishing attack against TLS when ..."
Abstract

Cited by 31 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We analyze the security of the TLS Record Protocol, a MACthenEncodethenEncrypt (MEE) scheme whose design targets confidentiality and integrity for application layer communications on the Internet. Our main results are twofold. First, we give a new distinguishing attack against TLS when variable length padding and short (truncated) MACs are used. This combination will arise when standardized TLS 1.2 extensions (RFC 6066) are implemented. Second, we show that when tags are longer, the TLS Record Protocol meets a new lengthhiding authenticated encryption security notion that is stronger than INDCCA. 1
0 ∗ Cryptography in NC
, 2006
"... We study the parallel timecomplexity of basic cryptographic primitives such as oneway functions (OWFs) and pseudorandom generators (PRGs). Specifically, we study the possibility of implementing instances of these primitives by NC 0 functions, namely by functions in which each output bit depends on ..."
Abstract
 Add to MetaCart
We study the parallel timecomplexity of basic cryptographic primitives such as oneway functions (OWFs) and pseudorandom generators (PRGs). Specifically, we study the possibility of implementing instances of these primitives by NC 0 functions, namely by functions in which each output bit depends on a constant number of input bits. Despite previous efforts in this direction, there has been no convincing theoretical evidence supporting this possibility, which was posed as an open question in several previous works. We essentially settle this question by providing strong positive evidence for the possibility of cryptography in NC 0. Our main result is that every “moderately easy ” OWF (resp., PRG), say computable in NC 1, can be compiled into a corresponding OWF (resp., “lowstretch ” PRG) in which each output bit depends on at most 4 input bits. The existence of OWF and PRG in NC 1 is a relatively mild assumption, implied by most numbertheoretic or algebraic intractability assumptions commonly used in cryptography. A similar compiler can also be obtained for other cryptographic primitives such as oneway permutations, encryption, signatures, commitment, and collisionresistant hashing. Our techniques can also be applied to obtain (unconditional) constructions of “noncryptographic ” PRGs. In particular, we obtain ɛbiased generators and a PRG for spacebounded computation in which each output bit depends on only 3 input bits. Our results make use of the machinery of randomizing polynomials (Ishai and Kushilevitz, 41st FOCS, 2000), which was originally motivated by questions in the domain of informationtheoretic secure multiparty computation. 1