| 1 | |
@comment{Preamble: fallback definitions for two macros that field values
  below rely on. If the document has not defined \url (presumably emitted by
  the bibliography style around url fields) or \msgid (wraps the Usenet
  message-ids in the Storin-thread entries), each falls back to \texttt.}
@preamble{ "\ifx\url\undefined\let\url\texttt\fi "
         # "\ifx\msgid\undefined\let\msgid\texttt\fi" }
| 8 | |
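@comment{Wooding:2000:Storin: "digitial" in the title corrected to "digital".}
@techreport{Wooding:2000:Storin,
  author      = {Wooding, Mark},
  title       = {{Storin}: A block cipher for digital signal processors},
  institution = {Straylight/Edgeware},
  year        = {2000},
  url         = {http://www.excessus.demon.co.uk/crypto/storin.ps.gz},
  abstract    = {We present Storin: a new 96-bit block cipher designed to play to the
                 strengths of current digital signal processors (DSPs). In particular, DSPs
                 tend to provide single-cycle multiply-and-accumulate operations, making
                 matrix multiplications very cheap. Working in an environment where
                 multiplication is as fast as exclusive-or changes the usual perceptions
                 about which operations provide good cryptographic strength cheaply. The
                 scarcity of available memory, for code and for tables, and a penalty for
                 nonsequential access to data also make traditional block ciphers based
                 around substitution tables unsuitable.},
}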
| 27 | |
@phdthesis{Daemen:1995:CHF,
  author = {Daemen, Joan},
  title  = {Cipher and hash function design strategies based on linear and
            differential cryptanalysis},
  school = {K. U. Leuven},
  year   = {1995},
}
| 36 | |
@comment{Fisher:2000:Storin-collide: Usenet follow-up in the Storin thread;
  \msgid is supplied by the preamble fallback at the top of this file.}
@misc{Fisher:2000:Storin-collide,
  author       = {Fisher, Matthew},
  title        = {Re: Yet another block cipher: {Storin}},
  howpublished = {Usenet article in {\texttt{sci.crypt}}},
  year         = {2000},
  note         = {Message-id {\msgid{<8gjctn\$9ct\$1@nnrp1.deja.com>}}},
}
| 45 | |
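@comment{Wooding:2000:Storin-diff: howpublished now groups \texttt{sci.crypt}
  in braces exactly as the sibling entry Fisher:2000:Storin-collide does, so
  the two Usenet articles are formatted identically and the group is shielded
  from any case change a style applies to the field.}
@misc{Wooding:2000:Storin-diff,
  author       = {Wooding, Mark},
  title        = {Re: Yet another block cipher: {Storin}},
  howpublished = {Usenet article in {\texttt{sci.crypt}}},
  year         = {2000},
  note         = {Message-id {\msgid{<slrn8iqhaq.872.mdw@mull.ncipher.com>}}},
}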
| 54 | |
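@comment{Wooding:2003:NPO: an unpublished manuscript was filed as misc with
  the status in howpublished; recast as unpublished with the status in the
  required note field, matching Shoup:2001:PIS in this file.}
@unpublished{Wooding:2003:NPO,
  author = {Wooding, Mark},
  title  = {New proofs for old modes},
  note   = {Unpublished work in progress},
  year   = {2003},
}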
| 62 | |
@comment{IWJ:1997:WGT: the key does not follow the Surname:Year:Acronym scheme
  used elsewhere in this file; it is kept because existing citations depend
  on it. The pages field is not a standard thesis field and is ignored by
  the standard styles.}
@phdthesis{IWJ:1997:WGT,
  author = {Jackson, Ian},
  title  = {Who goes there? Location confidentiality through anonymity},
  school = {Cambridge University Computer Laboratory},
  year   = {1997},
  pages  = {vi + 97},
  url    = {http://www.chiark.greenend.org.uk/~ijackson/thesis/},
}
| 72 | |
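@comment{Rogaway:2002:AEAD: same paper as Rogaway:2002:AEA further down; both
  keys are kept because either may be cited. Missing pages, month, editor,
  publisher and the full proceedings title are taken from that entry so the
  two render consistently.}
@inproceedings{Rogaway:2002:AEAD,
  author        = {Rogaway, Phillip},
  title         = {Authenticated-Encryption with Associated Data},
  booktitle     = {Proceedings of the 9th {ACM} Conference on Computer
                   and Communications Security},
  editor        = {Sandhu, Ravi},
  publisher     = {ACM Press},
  pages         = {98--107},
  month         = nov,
  year          = {2002},
  url           = {http://www.cs.ucdavis.edu/~rogaway/},
  internal-note = {duplicate of Rogaway:2002:AEA},
}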
| 80 | |
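@comment{Rogaway:2001:OCB: page range now uses the en-dash form (196--205).}
@inproceedings{Rogaway:2001:OCB,
  author    = {Rogaway, Phillip and Bellare, Mihir and Black, John and
               Krovetz, Ted},
  title     = {{OCB}: a block-cipher mode of operation for efficient
               authenticated encryption},
  booktitle = {{ACM} Conference on Computer and Communications Security},
  pages     = {196--205},
  year      = {2001},
  url       = {http://www.cs.ucdavis.edu/~rogaway/ocb/},
}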
| 91 | |
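@comment{Kohno:2003:CWC: the acronym CWC is braced so sentence-casing styles
  keep it upper case; delimiters unified to braces.}
@misc{Kohno:2003:CWC,
  author       = {Kohno, Tadayoshi and Viega, John and Whiting, Doug},
  title        = {The {CWC} Authenticated Encryption (Associated Data) Mode},
  howpublished = {Cryptology ePrint Archive, Report 2003/106},
  year         = {2003},
  url          = {http://eprint.iacr.org/2003/106},
}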
| 99 | |
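@comment{Lim:1997:KRA: page range now uses the en-dash form (249--263).}
@inproceedings{Lim:1997:KRA,
  author    = {Lim, Chae Hoon and Lee, Pil Joong},
  title     = {A Key Recovery Attack On Discrete Log-based Schemes Using a
               Prime Order Subgroup},
  booktitle = {{CRYPTO}},
  pages     = {249--263},
  year      = {1997},
  url       = {http://citeseer.nj.nec.com/article/lim97key.html},
}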
| 109 | |
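@comment{FIPS81: was typed Periodical, which the standard styles do not know,
  and referenced the macros pub-NBS, pub-NBS:adr and ack-nhfb, none of which
  is defined by a string command in this file (undefined macros expand to
  nothing and BibTeX warns). Recast as a techreport with the issuing body
  named inline; the FIPS designation lives in type and number so that it is
  not printed twice. The undefined acknowledgement macro was dropped since
  the field is ignored by the standard styles; the address macro had no
  definition here either, so no address is given rather than a guessed one.}
@techreport{FIPS81,
  author      = {{United States. National Bureau of Standards}},
  title       = {{DES} Modes of Operation},
  type        = {{FIPS} Pub},
  number      = {81},
  institution = {National Bureau of Standards},
  day         = {2},
  month       = dec,
  year        = {1981},
  CODEN       = {FIPPAT},
  series      = {FIPS Pub; 81},
  keywords    = {Computer networks --- Security measures --- Standards;
                 Computers --- Access control --- Standards; Electronic
                 data processing departments --- Security measures;
                 Standards},
}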
| 126 | |
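@comment{Canetti:2001:AKE: the other ePrint reports in this file carry a
  howpublished field naming the archive and report number; added here with
  the number taken from the url so the entry renders like its siblings.}
@misc{Canetti:2001:AKE,
  author       = {Canetti, Ran and Krawczyk, Hugo},
  title        = {Analysis of Key-Exchange Protocols and Their Use for Building
                  Secure Channels},
  howpublished = {Cryptology ePrint Archive, Report 2001/040},
  month        = may,
  year         = {2001},
  url          = {http://eprint.iacr.org/2001/040},
  note         = {An extended abstract appears in the proceedings of Eurocrypt 2001.},
}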
| 136 | |
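@comment{Krawczyk:2001:OEA: howpublished added in the archive/report form the
  other ePrint entries use; the report number comes from the url.}
@misc{Krawczyk:2001:OEA,
  author       = {Krawczyk, Hugo},
  title        = {The order of encryption and authentication for protecting
                  communications (Or: how secure is {SSL}?)},
  howpublished = {Cryptology ePrint Archive, Report 2001/045},
  month        = jun,
  year         = {2001},
  url          = {http://eprint.iacr.org/2001/045},
  note         = {An abridged version appears in the proceedings of {CRYPTO} 2001.},
}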
| 146 | |
@techreport{Frier:1996:SSL,
  author      = {Frier, A. and Karlton, P. and Kocher, P.},
  title       = {The {SSL 3.0} Protocol},
  institution = {Netscape Communications Corp.},
  month       = nov,
  year        = {1996},
  url         = {http://home.netscape.com/eng/ssl3/ssl-toc.html},
}
| 155 | |
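@comment{RFC2246: the title said "RFC 2264", contradicting the key and the
  url (rfc2246); corrected, and the version is given as 1.0, which is how
  the document names it.}
@misc{RFC2246,
  author       = {Dierks, T. and Allen, C.},
  title        = {{RFC 2246}: The {TLS} Protocol -- Version 1.0},
  howpublished = {Internet Request for Comments},
  year         = {1999},
  url          = {ftp://ftp.internic.net/rfc/rfc2246.txt},
}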
| 163 | |
@comment{Ylonen:2001:STL: an Internet-Draft; the draft name and revision are
  only recorded in the url.}
@misc{Ylonen:2001:STL,
  author       = {Ylonen, T. and Kivinen, T. and Saarinen, M. and Rinne, T. and
                  Lehtinen, S.},
  title        = {{SSH} Transport Layer Protocol},
  howpublished = {Internet Draft},
  month        = jan,
  year         = {2001},
  url          = {http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-09.txt},
}
| 173 | |
@inproceedings{Bellare:1993:ROP,
  author       = {Bellare, Mihir and Rogaway, Phillip},
  title        = {Random oracles are practical},
  booktitle    = {Proceedings of the First Annual Conference on Computer and
                  Communications Security},
  organization = {{ACM}},
  year         = {1993},
  url          = {http://www-cse.ucsd.edu/users/mihir/papers/ro.html},
}
| 183 | |
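@comment{Brassard:1989:SZK: page range uses the en-dash form, and the accent
  in Crepeau is restored as a braced special character so sorting and
  labelling treat it as one letter.}
@inproceedings{Brassard:1989:SZK,
  author    = {Brassard, Gilles and Cr{\'e}peau, Claude},
  title     = {Sorting out Zero-Knowledge},
  booktitle = {Theory and Application of Cryptographic Techniques},
  pages     = {181--191},
  year      = {1989},
  url       = {http://citeseer.nj.nec.com/brassard90sorting.html},
}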
| 192 | |
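@comment{Bellare:2000:CST: page range now uses the en-dash form. The key says
  2000 while the year field says 1997; the key is kept because citations
  depend on it, and the mismatch is recorded in an ignored field.}
@inproceedings{Bellare:2000:CST,
  author        = {Bellare, Mihir and Desai, Anand and Jokipii, E. and Rogaway, Phillip},
  title         = {A Concrete Security Treatment of Symmetric Encryption},
  booktitle     = {{IEEE} Symposium on Foundations of Computer Science},
  pages         = {394--403},
  year          = {1997},
  url           = {http://www-cse.ucsd.edu/users/mihir/papers/sym-enc.html},
  internal-note = {key year (2000) disagrees with year field (1997); key kept},
}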
| 201 | |
@misc{Goldwasser:1999:LNC,
  author       = {Goldwasser, Shafi and Bellare, Mihir},
  title        = {Lecture Notes on Cryptography},
  howpublished = {Summer Course ``Cryptography and Computer Security'' at MIT, 1996--1999},
  year         = {1999},
  url          = {http://citeseer.nj.nec.com/goldwasser96lecture.html},
}
| 209 | |
| 210 | |
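@comment{Rogaway:2002:AEA: the abstract quoted "interaction" with a
  straight-quote export artefact; replaced by the TeX quote pair. Same paper
  as Rogaway:2002:AEAD above; both keys are kept. The added-by and added-at
  fields are database metadata ignored by the styles.}
@inproceedings{Rogaway:2002:AEA,
  author    = {Rogaway, Phillip},
  title     = {Authenticated-encryption with associated-data},
  booktitle = {Proceedings of the 9th {ACM} Conference on Computer
               and Communications Security},
  editor    = {Sandhu, Ravi},
  publisher = {ACM Press},
  address   = {Washington, DC, USA},
  pages     = {98--107},
  month     = nov,
  year      = {2002},
  url       = {http://www.cs.ucdavis.edu/~rogaway/papers/ad.html},
  abstract  = {When a message is transformed into a ciphertext in a
               way designed to protect both its privacy and
               authenticity, there may be additional information, such
               as a packet header, that travels alongside the
               ciphertext (at least conceptually) and must get
               authenticated with it. We formalize and investigate
               this authenticated-encryption with associated-data
               (AEAD) problem. Though the problem has long been
               addressed in cryptographic practice, it was never
               provided a definition or even a name. We do this, and
               go on to look at efficient solutions for AEAD, both in
               general and for the authenticated-encryption scheme
               OCB. For the general setting we study two simple ways
               to turn an authenticated-encryption scheme that does
               not support associated-data into one that does: nonce
               stealing and ciphertext translation. For the case of
               OCB we construct an AEAD-scheme by combining OCB and
               the pseudorandom function PMAC, using the same key for
               both algorithms. We prove that, despite
               ``interaction'' between the two schemes when using a
               common key, the combination is sound. We also consider
               achieving AEAD by the generic composition of a
               nonce-based, privacy-only encryption scheme and a
               pseudorandom function.},
  added-by  = {msteiner},
  added-at  = {Sun Nov 16 12:50:24 2003},
}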
| 250 | |
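@comment{Rogaway:2003:OCB: "encryptiona" in the title corrected to
  "encryption".}
@article{Rogaway:2003:OCB,
  author   = {Rogaway, Phillip and Bellare, Mihir and Black, John},
  title    = {{OCB}: a block-cipher mode of operation for efficient
              authenticated encryption},
  journal  = {ACM Transactions on Information and System Security},
  volume   = {6},
  number   = {3},
  pages    = {365--403},
  year     = {2003},
  url      = {http://www.cs.colorado.edu/~jrblack/papers/ocb.pdf},
  added-by = {msteiner},
  added-at = {Sun Sep 28 21:27:38 2003},
}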
| 264 | |
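@comment{McGrew:2004:SPG: booktitle was given twice (short DBLP form and full
  form), which BibTeX reports as a repeated field and resolves arbitrarily;
  only the full form is kept. Day range in the booktitle uses an en-dash.}
@inproceedings{McGrew:2004:SPG,
  author    = {McGrew, David A. and Viega, John},
  title     = {The Security and Performance of the Galois/Counter
               Mode ({GCM}) of Operation},
  booktitle = {Progress in Cryptology - {INDOCRYPT} 2004, 5th
               International Conference on Cryptology in India,
               Chennai, India, December 20--22, 2004, Proceedings},
  editor    = {Canteaut, Anne and Viswanathan, Kapalee},
  series    = {Lecture Notes in Computer Science},
  volume    = {3348},
  publisher = {Springer},
  pages     = {343--355},
  year      = {2004},
  isbn      = {3-540-24130-2},
  url       = {http://eprint.iacr.org/2004/193},
  bibdate   = {2004-12-13},
  bibsource = {DBLP,
               http://dblp.uni-trier.de/db/conf/indocrypt/indocrypt2004.html#McGrewV04},
}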
| 285 | |
@comment{Abdalla:1999:DHAES: the institution field required by techreport is
  missing, so BibTeX warns and the issuing body is not printed. The number
  99-07 reads like a 1999 report number; confirm the issuing body and add
  it rather than guessing.}
@techreport{Abdalla:1999:DHAES,
  author = {Abdalla, Michel and Bellare, Mihir and Rogaway, Phillip},
  title  = {{DHAES}: An Encryption Scheme Based on the {Diffie-Hellman} Problem},
  number = {99-07},
  year   = {1999},
  url    = {http://www-cse.ucsd.edu/users/mihir/papers/pke.html},
}
| 293 | |
@comment{Abdalla:2001:DHIES: the crossref target Naccache:2001:TCC is not
  defined in this file, so it must come from another bib file listed by the
  document (with classic BibTeX the parent must follow its children in the
  combined order); otherwise BibTeX reports a bad cross reference and the
  proceedings title is empty.}
@inproceedings{Abdalla:2001:DHIES,
  author   = {Abdalla, Michel and Bellare, Mihir and Rogaway, Phillip},
  title    = {{DHIES}: An Encryption Scheme Based on the {Diffie-Hellman} Problem},
  year     = {2001},
  url      = {http://www-cse.ucsd.edu/users/mihir/papers/dhies.html},
  crossref = {Naccache:2001:TCC},
}
| 301 | |
@comment{Shoup:2001:OAEPR: crossref target Kilian:2001:ACC is not defined in
  this file and must be supplied by another bib file. The same paper is also
  filed as Shoup:2001:OR (article form, LNCS 2139) further down.}
@inproceedings{Shoup:2001:OAEPR,
  author   = {Shoup, V.},
  title    = {{OAEP} reconsidered},
  pages    = {239--259},
  url      = {http://www.shoup.net/papers/},
  crossref = {Kilian:2001:ACC},
}
| 309 | |
@comment{Wagner:2000:PSU: crossref target Okamoto:2000:ACA is not defined in
  this file and must be supplied by another bib file in the document.}
@inproceedings{Wagner:2000:PSU,
  author   = {Wagner, David and Goldberg, Ian},
  title    = {Proofs of Security for the {Unix} Password Hashing Algorithm},
  pages    = {560--572},
  url      = {http://www.cs.berkeley.edu/~daw/papers/},
  crossref = {Okamoto:2000:ACA},
}
| 317 | |
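@comment{Brier:2001:CRS: "Fixed-Patten" corrected to "Fixed-Pattern",
  "Cristophe" to "Christophe", and the accent in Coron's given name written
  as a braced special character. The crossref target Kilian:2001:ACC is not
  defined in this file and must come from another bib file.}
@inproceedings{Brier:2001:CRS,
  author   = {Brier, Eric and Clavier, Christophe and Coron, Jean-S{\'e}bastien and
              Naccache, David},
  title    = {Cryptanalysis of {RSA} Signatures with Fixed-Pattern Padding},
  pages    = {433--439},
  year     = {2001},
  crossref = {Kilian:2001:ACC},
}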
| 326 | |
@comment{Alkassar:2001:OSS: inherits the proceedings data from
  DBLP:conf/fse/2001, which is defined at the end of this file (after its
  child, as classic BibTeX requires). The year given here overrides the
  proceedings year.}
@inproceedings{Alkassar:2001:OSS,
  author   = {Alkassar, Ammar and Geraldy, Alexander and Pfitzmann, Birgit and Sadeghi, Ahmad-Reza},
  title    = {Optimized Self-Synchronizing Mode of Operation},
  year     = {2001},
  url      = {http://citeseer.nj.nec.com/alkassar01optimized.html},
  crossref = {DBLP:conf/fse/2001},
}
| 333 | |
@unpublished{Shoup:2001:PIS,
  author = {Shoup, Victor},
  title  = {Proposal for an {ISO} Standard for Public Key Encryption
            (Version 2.0)},
  note   = {Unpublished manuscript},
  year   = {2001},
  url    = {http://www.shoup.net/papers/},
}
| 342 | |
@comment{Shoup:1997:LBD: crossref target Fumy:1997:ACE is not defined in this
  file and must be supplied by another bib file; no page range is recorded.}
@inproceedings{Shoup:1997:LBD,
  author   = {Shoup, Victor},
  title    = {Lower bounds for discrete logarithms and related problems},
  year     = {1997},
  url      = {http://www.shoup.net/papers/},
  crossref = {Fumy:1997:ACE},
}
| 350 | |
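@comment{Bellare:2004:EAX: booktitle was given twice (short DBLP form and full
  form), a repeated field BibTeX warns about; only the full form is kept.
  Day range in the booktitle uses an en-dash.}
@inproceedings{Bellare:2004:EAX,
  author    = {Bellare, Mihir and Rogaway, Phillip and Wagner, David},
  title     = {The {EAX} Mode of Operation},
  booktitle = {Fast Software Encryption, 11th International Workshop,
               {FSE} 2004, Delhi, India, February 5--7, 2004, Revised
               Papers},
  editor    = {Roy, Bimal K. and Meier, Willi},
  series    = {Lecture Notes in Computer Science},
  volume    = {3017},
  publisher = {Springer},
  pages     = {389--407},
  year      = {2004},
  isbn      = {3-540-22171-9},
  url       = {http://www.cs.berkeley.edu/~daw/papers/eax-fse04.ps},
  bibdate   = {2004-07-29},
  bibsource = {DBLP,
               http://dblp.uni-trier.de/db/conf/fse/fse2004.html#BellareRW04},
}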
| 370 | |
@comment{Shoup:1999:OFM: CiteSeer export; the citeseer-references, annote,
  bibsource, oai and rights fields are harvester metadata ignored by the
  standard styles.}
@misc{Shoup:1999:OFM,
  author              = {Shoup, Victor},
  title               = {On Formal Models for Secure Key Exchange},
  month               = apr # {~21},
  year                = {1999},
  url                 = {http://www.shoup.net/papers/skey.ps.Z},
  abstract            = {A new formal security model for session key exchange
                         protocols in the public key setting is proposed, and
                         several efficient protocols are analyzed in this model.
                         The relationship between this new model and previously
                         proposed models is explored, and several interesting,
                         subtle distinctions between static and adaptive
                         adversaries are explored. We also give a brief account
                         of anonymous users.},
  annote              = {Victor Shoup (IBM Zurich Research Lab , Saumerstr; 4 ,
                         8803 Ruschlikon , Switzerland);},
  citeseer-references = {oai:CiteSeerPSU:100248; oai:CiteSeerPSU:159141;
                         oai:CiteSeerPSU:587558; oai:CiteSeerPSU:70784;
                         oai:CiteSeerPSU:459391; oai:CiteSeerPSU:340126;
                         oai:CiteSeerPSU:343528; oai:CiteSeerPSU:451555;
                         oai:CiteSeerPSU:432396},
  bibsource           = {OAI-PMH server at cs1.ist.psu.edu},
  oai                 = {oai:CiteSeerPSU:190779},
  rights              = {unrestricted},
}
| 396 | |
@misc{Koblitz:2006:ALP,
  author       = {Koblitz, Neal and Menezes, Alfred},
  title        = {Another Look at ``Provable Security''. {II}},
  howpublished = {Cryptology ePrint Archive, Report 2006/229},
  year         = {2006},
  url          = {http://eprint.iacr.org/2006/229},
}
| 404 | |
@comment{Blake-Wilson:1998:EAA: the pages field ends in "??", which is printed
  literally; the end page needs to be looked up. LNCS is recorded as the
  journal, which is the convention of the source this entry was exported
  from; bibdate and acknowledgement are ignored by the standard styles.}
@article{Blake-Wilson:1998:EAA,
  author          = {Blake-Wilson, S. and Menezes, A.},
  title           = {Entity Authentication and Authenticated Key Transport
                     Protocols Employing Asymmetric Techniques},
  journal         = {Lecture Notes in Computer Science},
  volume          = {1361},
  pages           = {137--??},
  year            = {1998},
  CODEN           = {LNCSD9},
  ISSN            = {0302-9743},
  url             = {http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/transport.ps},
  bibdate         = {Tue Apr 28 08:51:33 MDT 1998},
  acknowledgement = {Nelson H. F. Beebe, Center for Scientific
                     Computing, University of Utah, Department of
                     Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
                     City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
                     801 581 4148, e-mail: \path|beebe@math.utah.edu|,
                     \path|beebe@acm.org|, \path|beebe@computer.org|,
                     \path|beebe@ieee.org| (Internet), URL:
                     \path|http://www.math.utah.edu/~beebe/|},
}
| 426 | |
@comment{Blake-Wilson:1997:KAP: the pages field ends in "??", which is printed
  literally; the end page needs to be looked up.}
@article{Blake-Wilson:1997:KAP,
  author          = {Blake-Wilson, S. and Johnson, D. and Menezes, A.},
  title           = {Key Agreement Protocols and Their Security Analysis},
  journal         = {Lecture Notes in Computer Science},
  volume          = {1355},
  pages           = {30--??},
  year            = {1997},
  CODEN           = {LNCSD9},
  ISSN            = {0302-9743},
  url             = {http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/agreement.ps},
  bibdate         = {Tue Apr 28 08:51:33 MDT 1998},
  acknowledgement = {Nelson H. F. Beebe, University of Utah, Department
                     of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
                     City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
                     801 581 4148, e-mail: \path|beebe@math.utah.edu|,
                     \path|beebe@acm.org|, \path|beebe@computer.org|
                     (Internet), URL:
                     \path|http://www.math.utah.edu/~beebe/|},
}
| 446 | |
@inproceedings{Bellare:1998:MAD,
  author    = {Bellare, Mihir and Canetti, Ran and Krawczyk, Hugo},
  title     = {A Modular Approach to the Design and Analysis of Key
               Exchange Protocols},
  booktitle = {Proceedings of the 30th Annual {ACM} Symposium on
               Theory of Computing ({STOC}-98)},
  publisher = {ACM Press},
  address   = {New York},
  pages     = {419--428},
  month     = may # {~23--26},
  year      = {1998},
  isbn      = {0-89791-962-9},
  url       = {http://www.cs.ucsd.edu/~mihir/papers/key-distribution.html},
}
| 461 | |
@comment{Canetti:2001:UCS: ePrint report filed as a techreport with the archive
  as institution. The annote field contains a cite command referring to
  Canett2000a in this file; it is only typeset by annotating styles.}
@techreport{Canetti:2001:UCS,
  author      = {Canetti, Ran},
  title       = {Universally Composable Security: {A} New Paradigm for
                 Cryptographic Protocols},
  type        = {Report},
  number      = {2000/067},
  institution = {Cryptology {ePrint} Archive},
  month       = oct,
  year        = {2001},
  url         = {http://eprint.iacr.org/2000/067},
  note        = {Extended Abstract appeared in proceedings of the 42nd
                 Symposium on Foundations of Computer Science (FOCS),
                 2001},
  abstract    = {We propose a new paradigm for defining security of
                 cryptographic protocols, called {\sf universally
                 composable security.} The salient property of
                 universally composable definitions of security is that
                 they guarantee security even when a secure protocol is
                 composed with an arbitrary set of protocols, or more
                 generally when the protocol is used as a component of
                 an arbitrary system. This is an essential property for
                 maintaining security of cryptographic protocols in
                 complex and unpredictable environments such as the
                 Internet. In particular, universally composable
                 definitions guarantee security even when an unbounded
                 number of protocol instances are executed concurrently
                 in an adversarially controlled manner, they guarantee
                 non-malleability with respect to arbitrary protocols,
                 and more. We show how to formulate universally
                 composable definitions of security for practically any
                 cryptographic task. Furthermore, we demonstrate that
                 practically any such definition can be realized using
                 known general techniques, as long as only a minority of
                 the participants are corrupted. We then proceed to
                 formulate universally composable definitions of a wide
                 array of cryptographic tasks, including authenticated
                 and secure communication, key-exchange, public-key
                 encryption, signature, commitment, oblivious transfer,
                 zero-knowledge, and more. We also make initial steps
                 towards studying the realizability of the proposed
                 definitions in other natural settings.},
  keywords    = {foundations / cryptographic protocols, security
                 analysis of protocols, concurrent composition},
  annote      = {Revised version of \cite{Canett2000a}.},
  added-by    = {sti},
  added-at    = {Wed Oct 17 16:02:37 2001},
}
| 509 | |
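@comment{Canett2000a: "terminatin" and "auxilliary" in the annote corrected.
  The key does not follow the Surname:Year:Acronym scheme but is referenced
  from Canetti:2001:UCS, so it is kept. The month field holds the literal
  word Winter rather than a month macro, as the journal issues are named.}
@article{Canett2000a,
  author    = {Canetti, Ran},
  title     = {Security and Composition of Multiparty Cryptographic
               Protocols},
  journal   = {Journal of Cryptology},
  volume    = {13},
  number    = {1},
  pages     = {143--202},
  month     = {Winter},
  year      = {2000},
  publisher = {Springer-Verlag, Berlin Germany},
  url       = {http://link.springer-ny.com/link/service/journals/00145/papers/0013001/00130143.pdf},
  abstract  = {We present general definitions of security for
               multiparty cryptographic protocols, with focus on the
               task of evaluating a probabilistic function of the
               parties' inputs. We show that, with respect to these
               definitions, security is preserved under a natural
               composition operation. The definitions follow the
               general paradigm of known definitions; yet some
               substantial modifications and simplifications are
               introduced. The composition operation is the natural
               ``subroutine substitution'' operation, formalized by
               Micali and Rogaway. We consider several standard
               settings for multiparty protocols, including the cases
               of eavesdropping, Byzantine, nonadaptive and adaptive
               adversaries, as well as the information-theoretic and
               the computational models. In particular, in the
               computational model we provide the first definition of
               security of protocols that is shown to be preserved
               under composition.},
  annote    = {Discusses general formalization of Secure Multiparty
               Computation in synchronous model with passive vs active
               (=> compute function t-privately vs t-securely) and
               static vs adaptive adversaries as well as perfect
               (e.g., with secure channel) and cryptographic settings.
               Contrary to previous definitions doesn't restrict to
               black-box simulations (though probably that restriction
               was not that important) and allows rewinds (more
               important, e.g., ZKP). Probably most precise and
               complete to date. Proves composition theorems for
               'sequential subroutine composition'. To model adaptive
               adversaries he defines an additional TM Z to model the
               environment which feeds the context as auxiliary input
               on corruptions as well models post-execution effects in
               a non-erasing model by allowing Z (on input \emph{all}
               outputs of the protocol) to further corrupt parties
               (via adversary) after the termination of the protocol.
               The simulation has to hold now for all Z and all A (but
               note that contrary to A, Z is the same in the ideal
               model!). However, if we consider erasing models where
               all internal states are deleted after protocol
               termination then Z can be simplified to apriori fixed
               auxiliary strings for each corruption. Appeared also
               as Theory of Cryptography Library Record 98-18.},
  added-by  = {sti},
  added-at  = {Thu Jul 20 11:01:42 2000},
}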
| 567 | |
| 568 | |
@comment{Canetti:2002:UCN: the pages field ends in "??", which is printed
  literally; the end page needs to be looked up. The url points at the
  ePrint version rather than the LNCS volume named in the journal field.}
@article{Canetti:2002:UCN,
  author          = {Canetti, Ran and Krawczyk, Hugo},
  title           = {Universally Composable Notions of Key Exchange and
                     Secure Channels},
  journal         = {Lecture Notes in Computer Science},
  volume          = {2332},
  pages           = {337--??},
  year            = {2002},
  CODEN           = {LNCSD9},
  ISSN            = {0302-9743},
  url             = {http://eprint.iacr.org/2002/059},
  bibdate         = {Tue Sep 10 19:09:37 MDT 2002},
  bibsource       = {http://link.springer-ny.com/link/service/series/0558/tocs/t2332.htm},
  acknowledgement = {Nelson H. F. Beebe, Center for Scientific
                     Computing, University of Utah, Department of
                     Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
                     City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
                     801 581 4148, e-mail: \path|beebe@math.utah.edu|,
                     \path|beebe@acm.org|, \path|beebe@computer.org|,
                     \path|beebe@ieee.org| (Internet), URL:
                     \path|http://www.math.utah.edu/~beebe/|},
}
| 591 | |
@misc{Shoup:2004:SGT,
  author       = {Shoup, Victor},
  title        = {Sequences of games: a tool for taming complexity in security proofs},
  howpublished = {Cryptology ePrint Archive, Report 2004/332},
  year         = {2004},
  url          = {http://eprint.iacr.org/2004/332},
}
| 599 | |
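@comment{Bellare:2006:STE: the date range in the booktitle now uses an
  en-dash. The note cites Bellare:2004:CBG, which is defined in this file;
  a nested cite in a bibliography entry is resolved on the next BibTeX run.}
@inproceedings{Bellare:2006:STE,
  author    = {Bellare, Mihir and Rogaway, Phillip},
  title     = {The Security of Triple Encryption and a Framework for
               Code-Based Game-Playing Proofs},
  booktitle = {Advances in Cryptology - {EUROCRYPT} 2006, 25th Annual
               International Conference on the Theory and Applications
               of Cryptographic Techniques, St. Petersburg, Russia,
               May 28 -- June 1, 2006, Proceedings},
  editor    = {Vaudenay, Serge},
  series    = {Lecture Notes in Computer Science},
  volume    = {4004},
  publisher = {Springer},
  pages     = {409--426},
  year      = {2006},
  isbn      = {3-540-34546-9},
  note      = {Proceedings version of \cite{Bellare:2004:CBG}},
  bibdate   = {2006-07-05},
  bibsource = {DBLP,
               http://dblp.uni-trier.de/db/conf/eurocrypt/eurocrypt2006.html#BellareR06},
}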
| 620 | |
@comment{Bellare:2004:CBG: full version of Bellare:2006:STE; the two entries
  cite each other in their note fields.}
@misc{Bellare:2004:CBG,
  author       = {Bellare, Mihir and Rogaway, Phillip},
  title        = {Code-Based Game-Playing Proofs and the Security of Triple Encryption},
  howpublished = {Cryptology ePrint Archive, Report 2004/331},
  year         = {2004},
  url          = {http://eprint.iacr.org/2004/331},
  note         = {Full version of \cite{Bellare:2006:STE}},
}
| 629 | |
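@comment{Shoup:2001:OR: the end page "??" is filled in from the sibling entry
  Shoup:2001:OAEPR (same paper, proceedings form), which records 239--259.
  Both keys are kept because either may be cited.}
@article{Shoup:2001:OR,
  author          = {Shoup, Victor},
  title           = {{OAEP} Reconsidered},
  journal         = {Lecture Notes in Computer Science},
  volume          = {2139},
  pages           = {239--259},
  year            = {2001},
  CODEN           = {LNCSD9},
  ISSN            = {0302-9743},
  url             = {http://link.springer-ny.com/link/service/series/0558/bibs/2139/21390239.htm;
                     http://link.springer-ny.com/link/service/series/0558/papers/2139/21390239.pdf},
  bibdate         = {Sat Feb 2 13:05:41 MST 2002},
  bibsource       = {http://link.springer-ny.com/link/service/series/0558/tocs/t2139.htm},
  acknowledgement = {Nelson H. F. Beebe, Center for Scientific
                     Computing, University of Utah, Department of
                     Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
                     City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
                     801 581 4148, e-mail: \path|beebe@math.utah.edu|,
                     \path|beebe@acm.org|, \path|beebe@computer.org|,
                     \path|beebe@ieee.org| (Internet), URL:
                     \path|http://www.math.utah.edu/~beebe/|},
  internal-note   = {duplicate of Shoup:2001:OAEPR},
}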
| 652 | |
@article{Canetti:2004:ROM,
  author          = {Canetti, Ran and Goldreich, Oded and Halevi, Shai},
  title           = {The random oracle methodology, revisited},
  journal         = {Journal of the ACM},
  volume          = {51},
  number          = {4},
  pages           = {557--594},
  month           = jul,
  year            = {2004},
  CODEN           = {JACOAH},
  ISSN            = {0004-5411},
  bibdate         = {Sat Jul 10 09:49:01 MDT 2004},
  bibsource       = {http://portal.acm.org/},
  acknowledgement = {Nelson H. F. Beebe, University of Utah, Department
                     of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
                     City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
                     801 581 4148, e-mail: \path|beebe@math.utah.edu|,
                     \path|beebe@acm.org|, \path|beebe@computer.org|
                     (Internet), URL:
                     \path|http://www.math.utah.edu/~beebe/|},
}
| 674 | |
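@comment{Boneh:2003:IBE: the doi field carried the resolver prefix; it now
  holds the bare DOI, which is what styles and the url packages expect. The
  resolver form is still available in doi-url.}
@article{Boneh:2003:IBE,
  author          = {Boneh, Dan and Franklin, Matthew},
  title           = {Identity-Based Encryption from the {Weil} Pairing},
  journal         = {SIAM Journal on Computing},
  volume          = {32},
  number          = {3},
  pages           = {586--615},
  month           = jun,
  year            = {2003},
  CODEN           = {SMJCAT},
  ISSN            = {0097-5397 (print), 1095-7111 (electronic)},
  doi             = {10.1137/S0097539701398521},
  url             = {http://epubs.siam.org/sam-bin/dbq/article/39852},
  bibdate         = {Wed Aug 20 06:43:35 MDT 2003},
  bibsource       = {http://epubs.siam.org/sam-bin/dbq/toclist/SICOMP/32/3},
  acknowledgement = {Nelson H. F. Beebe, University of Utah, Department
                     of Mathematics, 110 LCB, 155 S 1400 E RM 233, Salt Lake
                     City, UT 84112-0090, USA, Tel: +1 801 581 5254, FAX: +1
                     801 581 4148, e-mail: \path|beebe@math.utah.edu|,
                     \path|beebe@acm.org|, \path|beebe@computer.org|
                     (Internet), URL:
                     \path|http://www.math.utah.edu/~beebe/|},
  doi-url         = {http://dx.doi.org/10.1137/S0097539701398521},
}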
| 699 | |
| 700 | |
@comment{ElGamal:1985:PKC: MathSciNet-derived record; booktitle is not an
  article field and, like the MR fields, is ignored by the standard styles.}
@article{ElGamal:1985:PKC,
  author       = {ElGamal, Taher},
  title        = {A public key cryptosystem and a signature scheme based
                  on discrete logarithms},
  journal      = {Lecture Notes in Computer Science},
  volume       = {196},
  pages        = {10--18},
  year         = {1985},
  booktitle    = {Advances in cryptology (Santa Barbara, Calif., 1984)},
  CODEN        = {LNCSD9},
  ISSN         = {0302-9743},
  MRclass      = {94A60 (11T71 68P25)},
  MRnumber     = {87b:94037},
  mrnumber-url = {http://www.ams.org/mathscinet-getitem?mr=87b%3a94037},
}
| 716 | |
@misc{Menezes:2005:IPB,
  author = {Menezes, Alfred},
  title  = {An Introduction to Pairing-Based Cryptography},
  note   = {Notes from lectures given in Santander, Spain},
  year   = {2005},
  url    = {http://www.cacr.math.uwaterloo.ca/~ajmeneze/publications/pairings.pdf},
}
| 724 | |
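@comment{Stinson:2006:EST: the glued initials "D.R." are separated so the
  style can space and abbreviate them consistently; names in comma form.}
@misc{Stinson:2006:EST,
  author       = {Stinson, D. R. and Wu, J.},
  title        = {An Efficient and Secure Two-flow Zero-Knowledge Identification Protocol},
  howpublished = {Cryptology ePrint Archive, Report 2006/337},
  year         = {2006},
  url          = {http://eprint.iacr.org/2006/337},
}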
| 732 | |
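@comment{DiRaimondo:2006:DAK: "Mario Di Raimondo" in First Last form is parsed
  by BibTeX as first name "Mario Di" and surname "Raimondo" (a capitalised
  "Di" is not a von part), so the entry sorted and labelled under R. The
  comma form keeps "Di Raimondo" as the surname.}
@misc{DiRaimondo:2006:DAK,
  author       = {Di Raimondo, Mario and Gennaro, Rosario and Krawczyk, Hugo},
  title        = {Deniable Authentication and Key Exchange},
  howpublished = {Cryptology ePrint Archive, Report 2006/280},
  year         = {2006},
  url          = {http://eprint.iacr.org/2006/280},
}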
| 740 | |
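@comment{SEC1: the single-letter brace in "{E}lliptic" is replaced by bracing
  the whole word, which protects the capital without breaking kerning or
  hyphenation. The corporate author stays double-braced so it is not split
  into given name and surname.}
@misc{SEC1,
  author = {{Certicom Research}},
  title  = {Standards for Efficient Cryptography, {SEC} 1: {Elliptic} curve cryptography, Version 1.0},
  year   = {2000},
  url    = {http://www.secg.org/download/aid-385/sec1_final.pdf},
}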
| 747 | |
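@comment{DBLP:conf/fse/2001: crossref parent for Alkassar:2001:OSS, placed
  after its child as classic BibTeX requires. The booktitle was the bare
  acronym FSE, so a citing child rendered "In FSE"; it now repeats the full
  title, which is the field a child inherits (title does not map to
  booktitle in classic BibTeX). The acronym is braced and the day range
  uses an en-dash.}
@proceedings{DBLP:conf/fse/2001,
  editor    = {Matsui, Mitsuru},
  title     = {Fast Software Encryption, 8th International Workshop, {FSE} 2001
               Yokohama, Japan, April 2--4, 2001, Revised Papers},
  booktitle = {Fast Software Encryption, 8th International Workshop, {FSE} 2001
               Yokohama, Japan, April 2--4, 2001, Revised Papers},
  series    = {Lecture Notes in Computer Science},
  volume    = {2355},
  publisher = {Springer},
  year      = {2002},
  isbn      = {3-540-43869-6},
  bibsource = {DBLP, http://dblp.uni-trier.de},
}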
| 760 | |