On the security of multi-party ping-pong protocols

We define a p-party ping-pong protocol and its security problem, along the lines of Dolev and Yao's definition for two-party ping-pong protocols. In the case of two parties, it was assumed, with no loss of generality, that there exists a single saboteur in the net, and the protocol was defined to be secure iff it was secure against the active interventions of one saboteur. We show that for more than 2 parties this assumption can no longer be made, and that for p parties 3(p-2) + 1 is a lower bound on the number of saboteurs which should be considered for the security problem. On the other hand, we establish a 3(p-2) + 2 upper bound on the number of saboteurs which should be considered. We conclude that for a fixed p, p-party ping-pong protocols can be tested for security in O(n^3) time and O(n^2) space, where n is the length of the protocol. We show that if p, the number of participants in the protocol, is part of the input, then the security problem becomes NP-Hard. Relaxing the definition of a ping-pong protocol so that operators can operate on half words (thus introducing commutativity of the operators) causes the security problem to become undecidable.
