Joint State Composition Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation
Journal of Cryptology (IF 3), Pub Date: 2020-05-29, DOI: 10.1007/s00145-020-09353-0
Ralf Küsters, Max Tuengerthal, Daniel Rausch

In frameworks for universal composability, complex protocols can be built from sub-protocols in a modular way using composition theorems. However, as first pointed out and studied by Canetti and Rabin, this modular approach often leads to impractical implementations. For example, when using a functionality for digital signatures within a more complex protocol, parties have to generate new verification and signing keys for every session of the protocol. This motivates generalizing composition theorems to so-called joint state (composition) theorems, where different copies of a functionality may share some state, e.g., the same verification and signing keys. In this paper, we present a joint state theorem which is more general than the original theorem of Canetti and Rabin, for which several problems and limitations are pointed out. We apply our theorem to obtain joint state realizations for three functionalities: public-key encryption, replayable public-key encryption, and digital signatures. Unlike most other formulations, our functionalities model that ciphertexts and signatures are computed locally, rather than being provided by the adversary. To obtain the joint state realizations, the functionalities have to be designed carefully. Other formulations proposed in the literature are shown to be unsuitable. Our work is based on the IITM model. Our definitions and results demonstrate the expressivity and simplicity of this model. For example, unlike Canetti’s UC model, in the IITM model no explicit joint state operator needs to be defined and the joint state theorem follows immediately from the composition theorem in the IITM model.

Updated: 2020-05-29