Theory of Cryptography
DOI: 10.1007/978-3-540-70936-7_3
|View full text |Cite
|
Sign up to set email alerts
|

Long-Term Security and Universal Composability

Abstract: Abstract. Algorithmic progress and future technology threaten today's cryptographic protocols. Long-term secure protocols should not even in future reveal more information to a-then possibly unlimited-adversary.In this work we initiate the study of protocols which are long-term secure and universally composable. We show that the usual set-up assumptions used for UC protocols (e.g., a common reference string) are not sufficient to achieve long-term secure and composable protocols for commitments or general zero… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
41
0

Publication Types

Select...
5
3

Relationship

2
6

Authors

Journals

citations
Cited by 29 publications
(41 citation statements)
references
References 20 publications
0
41
0
Order By: Relevance
“…The resulting scheme even enjoys everlasting security (cf., e.g., Müller-Quade and Unruh [2007], Damgård et al [2005], Alleaume et al [2007], Cachin andMaurer [1997], andRabin [2003]): after successful revocation, the adversary cannot break the TRE even given unlimited computation.…”
Section: Our Contributionmentioning
confidence: 99%
“…The resulting scheme even enjoys everlasting security (cf., e.g., Müller-Quade and Unruh [2007], Damgård et al [2005], Alleaume et al [2007], Cachin andMaurer [1997], andRabin [2003]): after successful revocation, the adversary cannot break the TRE even given unlimited computation.…”
Section: Our Contributionmentioning
confidence: 99%
“…We believe it is meaningful to consider these two bounds separately, since they express different sorts of limitations. For example, in modeling long-lived security protocols (Cachin and Maurer 1997;Müller-Quade and Unruh 2007), it seems clear that limitations on what a machine can do in one step, or in a bounded amount of time, are quite different from limitations on the total lifetime of the machine.…”
Section: Time-bounded Task-pioasmentioning
confidence: 99%
“…Müller-Quade and Unruh [27] showed that the UC framework can also be adapted to the setting of everlasting security: we quantify over Z, Sim, Adv that are polynomialtime, but we say that Z distinguishes the real and ideal model if the distribution of Z's output is not statistically indistinguishable. That is, a protocol is considered insecure if one can distinguish real and ideal model when being polynomial-time during the protocol, but unlimited afterward (statistical indistinguishability means that no unlimited machine can distinguish).…”
Section: Everlasting Security and Composition-a Ccautionary Talementioning
confidence: 99%
“…Everlasting Quantum-UC Commitments The problem of everlasting UC commitments in the classical setting was already studied in [27]. Their protocol uses a signature card as trusted setup.…”
Section: Everlasting Security and Composition-a Ccautionary Talementioning
confidence: 99%
See 1 more Smart Citation