In this paper we examine composability properties for the fundamental task of key exchange. Roughly speaking, we show that key exchange protocols secure in the prevalent model of Bellare and Rogaway can be composed with arbitrary protocols that require symmetrically distributed keys. This composition theorem holds if the key exchange protocol satis fi es an additional technical requirement that our analysis brings to light: it should be possible to determine which sessions derive equal keys given only the publicly available information.
What distinguishes our results from virtually all existing work is that we do not rely, neither directly nor indirectly, on the simulation paradigm. Instead, our security notions and composition theorems exclusively use a game-based formalism. We thus avoid several undesirable consequences of simulation-based security notions and support applicability to a broader class of protocols. In particular, we o ff er an abstract formalization of game-based security that should be of independent interest in other investigations using gamebased formalisms.
|Title of host publication||PROCEEDINGS OF THE 18TH ACM CONFERENCE ON COMPUTER & COMMUNICATIONS SECURITY (CCS 11)|
|Number of pages||11|
|Publication status||Published - 2011|
|MoE publication type||A4 Article in a conference publication|
|Event||ACM Conference on Computer and Communications Security - Chicago, United States|
Duration: 17 Oct 2011 → 21 Oct 2011
Conference number: 18
|Conference||ACM Conference on Computer and Communications Security|
|Period||17/10/2011 → 21/10/2011|
- key exchange