Description
Simulatability has established itself as a salient notion for proving the security of multi-party protocols since it entails strong security and compositionality guarantees, which are achieved by universally quantifying over all environmental behaviors of the analyzed protocol. As a consequence, however, protocols that are secure except for certain environmental behaviors are not simulatable, even if these behaviors are efficiently identifiable and thus can be prevented by the surrounding protocol. We propose a relaxation of simulatability by conditioning the permitted environmental behaviors, i.e., simulation is only required for environmental behaviors that fulfill explicitly stated constraints. This yields a more fine-grained security definition that is achievable for several protocols for which unconditional simulatability is too strict a notion. Although imposing restrictions on the environment destroys unconditional composability in general, we show that composition of a large class of conditionally secure protocols yields conditionally simulatable protocols again. Moreover, for several commonly investigated protocol classes we show that their composition yields protocols that are simulatable in the standard, unconditional sense.
Prochains exposés
-
Endomorphisms via Splittings
Orateur : Min-Yi Shen - No Affiliation
One of the fundamental hardness assumptions underlying isogeny-based cryptography is the problem of finding a non-trivial endomorphism of a given supersingular elliptic curve. In this talk, we show that the problem is related to the problem of finding a splitting of a principally polarised superspecial abelian surface. In particular, we provide formal security reductions and a proof-of-concept[…]-
Cryptography
-