eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2009-02-27
8491
1
16
10.4230/DagSemProc.08491.1
article
08491 Abstracts Collection – Theoretical Foundations of Practical Information Security
Canetti, Ran
Goldwasser, Shafi
Müller, Günter
Steinwandt, Rainer
From 30.11. to 05.12.2008, the Dagstuhl Seminar 08491 ``Theoretical Foundations of Practical Information Security '' was held in Schloss Dagstuhl~--~Leibniz Center for Informatics.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol08491/DagSemProc.08491.1/DagSemProc.08491.1.pdf
Organic computing
self-organisation
design
adaptivity
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2009-02-27
8491
1
0
10.4230/DagSemProc.08491.2
article
08491 Executive Summary – Theoretical Foundations of Practical Information Security
Canetti, Ran
Goldwasser, Shafi
Müller, Günter
Steinwandt, Rainer
Designing, building, and operating secure information processing
systems is a complex task, and the only scientific way to address the
diverse challenges arising throughout the life-cycle of security
criticial systems is to consolidate and increase the knowledge of the
theoretical foundations of practical security problems. To this aim,
the mutual exchange of ideas across individual security research
communities can be extraordinary beneficial. Accordingly, the
motivation of this Dagstuhl seminar was the integration of different
research areas with the common goal of providing an integral
theoretical basis that is needed for the design of secure information
processing systems.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol08491/DagSemProc.08491.2/DagSemProc.08491.2.pdf
Organic computing
self-organisation
design
adaptivity
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2009-02-27
8491
1
0
10.4230/DagSemProc.08491.3
article
Modeling Computational Security in Long-Lived Systems
Canetti, Ran
Cheung, Ling
Kaynar, Dilsun
Lynch, Nancy
Pereira, Olivier
For many cryptographic protocols, security relies on the assumption
that adversarial entities have limited computational power.
This type of security degrades progressively over the lifetime of a protocol.
However, some cryptographic services, such as timestamping services or
digital archives, are emph{long-lived} in nature; they are expected to be
secure and operational for a very long time (ie super-polynomial).
In such cases, security cannot be guaranteed in the traditional sense:
a computationally secure protocol may become insecure if the attacker
has a super-polynomial number of interactions with the protocol.
This paper proposes a new paradigm for the analysis of long-lived
security protocols.
We allow entities to be active for a potentially unbounded amount of
real time, provided they perform only a polynomial amount of work emph{per
unit of real time}.
Moreover, the space used by these entities is allocated dynamically and must be
polynomially bounded.
We propose a new notion of emph{long-term implementation}, which is an
adaptation of computational indistinguishability to the long-lived
setting.
We show that long-term implementation is preserved under polynomial parallel
composition and exponential sequential composition.
We illustrate the use of this new paradigm by analyzing some security
properties of the long-lived timestamping protocol of Haber and Kamat.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol08491/DagSemProc.08491.3/DagSemProc.08491.3.pdf
Long lived security; universally composable security;
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2009-02-27
8491
1
0
10.4230/DagSemProc.08491.4
article
Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem
Peikert, Chris
We construct public-key cryptosystems that are secure assuming the
*worst-case* hardness of approximating the shortest vector problem on
lattices. Prior cryptosystems with worst-case connections (e.g., the
Ajtai-Dwork system) were based either on a *special case* of the
shortest vector problem, or on the conjectured hardness of lattice
problems for *quantum* algorithms.
Our main technical innovation is a reduction from certain variants of
the shortest vector problem to corresponding versions of the "learning
with errors" (LWE) problem; previously, only a quantum reduction of
this kind was known. In addition, we construct new cryptosystems
based on LWE, including a very natural chosen ciphertext-secure system
that has a much simpler description and tighter underlying worst-case
approximation factor than prior constructions.
(Duration: 30 minutes, on or before Wednesday.)
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol08491/DagSemProc.08491.4/DagSemProc.08491.4.pdf
Lattice-based cryptography
learning with errors
quantum computation
eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Dagstuhl Seminar Proceedings
1862-4405
2009-02-27
8491
1
0
10.4230/DagSemProc.08491.5
article
Sound and Fine-grain Specification of Ideal Functionalities
Garay, Juan
Kiayias, Aggelos
Zhou, Hong-Sheng
Nowadays it is widely accepted to formulate the security of a protocol carrying out a given task via the "trusted-party paradigm," where the protocol execution is compared with an ideal process where the outputs are computed by a trusted party that sees all the inputs. A protocol is said to securely carry out a given task if running the protocol with a realistic adversary amounts to "emulating" the ideal process with the appropriate trusted party. In the Universal Composability (UC) framework the program run by the trusted party is called an ideal functionality. While this simulation-based security formulation provides strong security guarantees, its usefulness is contingent on the properties and correct specification of the ideal functionality, which, as
demonstrated in recent years by the coexistence of complex, multiple functionalities for the same task as well as by their "unstable" nature, does not seem to be an easy task.
In this paper we address this problem, by introducing a general methodology for the sound specification of ideal functionalities. First, we introduce the class of canonical ideal functionalities for a cryptographic task, which unifies the syntactic specification of a large class of cryptographic tasks under the same basic template functionality. Furthermore, this representation enables the isolation of the individual properties of a cryptographic task as separate members of the corresponding class. By endowing the class of canonical
functionalities with an algebraic structure we are able to combine basic functionalities to a single final canonical functionality for a given task. Effectively, this puts forth a bottom-up approach for the specification
of ideal functionalities: first one defines a set of basic constituent functionalities for the task at hand, and then combines them into a single ideal functionality taking advantage of the algebraic structure.
In our framework, the constituent functionalities of a task can be derived either directly or, following a translation strategy we introduce, from existing game-based definitions; such definitions have in many
cases captured desired individual properties of cryptographic tasks, albeit in less adversarial settings than universal composition. Our translation methodology entails a sequence of steps that derive a corresponding
canonical functionality given a game-based definition. In this way, we obtain a well-defined mapping of game-based security properties to their corresponding UC counterparts.
Finally, we demonstrate the power of our approach by applying our methodology to a variety of basic cryptographic tasks, including commitments, digital signatures, zero-knowledge proofs, and oblivious transfer.
While in some cases our derived canonical functionalities are equivalent to existing formulations, thus attesting to the validity of our approach, in others they differ, enabling us to "debug" previous definitions and pinpoint their shortcomings.
https://drops.dagstuhl.de/storage/16dagstuhl-seminar-proceedings/dsp-vol08491/DagSemProc.08491.5/DagSemProc.08491.5.pdf
Security definitions
universal composability
cryptographic protocols
lattices and partial orders.