Disclaimer: This page refers to an external person. It only lists all the interactions between this person and the Crypto Group. Validity or accuracy of the following information is thus not guaranteed in any way.

## Seminars given

**
***February 25, 2008* - Joint State Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation

by Ralf Kuesters

Abstract: | Composition theorems in simulation-based approaches allow
to build complex protocols from sub-protocols in a modular
way. However, as first pointed out and studied by Canetti
and Rabin, this modular approach often leads to impractical
implementations. For example, when using a functionality
for digital signatures within a more complex protocol,
parties have to generate new verification and signing keys
for every session of the protocol. This motivates to
generalize composition theorems to so-called joint state
theorems, where different copies of a functionality may
share some state, e.g., the same verification and signing
keys.
In this talk, a joint state theorem is presented which is
more general than the original theorem of Canetti and
Rabin, for which several problems and limitations are
pointed out. We apply our theorem to obtain joint state
realizations for three functionalities: public-key
encryption, replayable public-key encryption, and digital
signatures. Unlike most other formulations, our
functionalities model that ciphertexts and signatures are
computed locally, rather than being provided by the
adversary. To obtain the joint state realizations, the
functionalities have to be designed carefully. Previous
formulations are shown to be unsuitable. Our work is based
on a recently proposed, rigorous model for simulation-based
security by Kuesters, called the IITM model. Our
definitions and results demonstrate the expressivity and
simplicity of this model. For example, unlike Canetti's UC
model, in the IITM model no explicit joint state operator
needs to be defined and the joint state theorem follows
immediately from the composition theorem of the IITM model.
Joint work with Max Tuengerthal. |