Polynomial Runtime and Composability

We devise a notion of polynomial runtime suitable for the simulation-based security analysis of multi-party cryptographic protocols. Somewhat surprisingly, straightforward notions of polynomial runtime lack expressivity for reactive tasks and/or lead to an unnatural simulation-based security notion. Indeed, the problem has been recognized in previous works, and several notions of polynomial runtime have already been proposed. However, our new notion, dubbed reactive polynomial time, is the first to combine the following properties: it is simple enough to support simple security/runtime analyses,it is intuitive in the sense that all intuitively feasible protocols and attacks (and only those) are considered polynomial-time,it supports secure composition of protocols in the sense of a universal composition theorem. We work in the Universal Composability (UC) protocol framework. We remark that while the UC framework already features a universal composition theorem, we develop new techniques to prove secure composition in the case of reactively polynomial-time protocols and attacks.

[1]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[2]  Ran Canetti,et al.  Universally Composable Security with Global Setup , 2007, TCC.

[3]  Yehuda Lindell,et al.  General Composition and Universal Composability in Secure Multiparty Computation , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[4]  Ran Canetti,et al.  Time-Bounded Task-PIOAs: A Framework for Analyzing Security Protocols , 2006, DISC.

[5]  S. Rajsbaum Foundations of Cryptography , 2014 .

[6]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[7]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[8]  Ralf Küsters,et al.  Simulation-based security with inexhaustible interactive Turing machines , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[9]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[10]  Michael Backes,et al.  Cryptographically sound analysis of security protocols , 2002 .

[11]  Birgit Pfitzmann,et al.  A General Composition Theorem for Secure Reactive Systems , 2004, TCC.

[12]  Jörn Müller-Quade,et al.  Universally composable zero-knowledge arguments and commitments from signature cards , 2007 .

[13]  Ran Canetti,et al.  Universally composable signature, certification, and authentication , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[14]  Jörn Müller-Quade,et al.  Polynomial runtime in simulatability definitions , 2009, J. Comput. Secur..

[15]  Birgit Pfitzmann,et al.  Secure Asynchronous Reactive Systems , 2004 .

[16]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[17]  Birgit Pfitzmann,et al.  A Composable Cryptographic Library with Nested Operations (Extended Abstract) , 2003 .

[18]  Ralf Küsters,et al.  On the Relationships between Notions of Simulation-Based Security , 2005, Journal of Cryptology.

[19]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[20]  Dennis Hofheinz,et al.  GNUC: A New Universal Composability Framework , 2015, Journal of Cryptology.

[21]  Oded Goldreich On Expected Probabilistic Polynomial-Time Adversaries: A Suggestion for Restricted Definitions and Their Benefits , 2007, TCC.

[22]  Dennis Hofheinz,et al.  Simulatable Security and Polynomially Bounded Concurrent Composition , 2006, IACR Cryptol. ePrint Arch..

[23]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.

[24]  Birgit Pfitzmann,et al.  A model for asynchronous reactive systems and its application to secure message transmission , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[25]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[26]  Birgit Pfitzmann,et al.  A composable cryptographic library with nested operations , 2003, CCS '03.

[27]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[28]  Dennis Hofheinz,et al.  Comparing Two Notions of Simulatability , 2005, TCC.

[29]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[30]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[31]  Dominique Unruh Protokollkomposition und Komplexität , 2006, Ausgezeichnete Informatikdissertationen.

[32]  Dennis Hofheinz,et al.  Simulatable security and polynomially bounded concurrent composability , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[33]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[34]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 1, Basic Tools , 2001 .