Ideal Key Derivation and Encryption in Simulation-Based Security

12 years 10 months ago
Ideal Key Derivation and Encryption in Simulation-Based Security
Abstract. Many real-world protocols, such as SSL/TLS, SSH, IPsec, IEEE 802.11i, DNSSEC, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs) and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather ...
Ralf Küsters, Max Tuengerthal
Added 27 Aug 2011
Updated 27 Aug 2011
Type Journal
Year 2011
Authors Ralf Küsters, Max Tuengerthal
Comments (0)