Posted Content

Categorical composable cryptography.

TL;DR: In this article, the authors formalize the simulation paradigm of cryptography in terms of category theory and show that protocols secure against abstract attacks form a symmetric monoidal category, thus giving an abstract model of composable security definitions in cryptography.
Abstract: We formalize the simulation paradigm of cryptography in terms of category theory and show that protocols secure against abstract attacks form a symmetric monoidal category, thus giving an abstract model of composable security definitions in cryptography. Our model is able to incorporate computational security, set-up assumptions and various attack models such as colluding or independently acting subsets of adversaries in a modular, flexible fashion. We conclude by using string diagrams to rederive no-go results concerning the limits of bipartite and tripartite cryptography, ruling out e.g. composable commitments and broadcasting. On the way, we exhibit two categorical constructions of resource theories that might be of independent interest: one capturing resources shared among n parties and one capturing resource conversions that succeed asymptotically.
Citations
Journal ArticleDOI
06 Jun 2022-Entropy
TL;DR: This review article surveys the work developed around the concept of oblivious transfer within theoretical quantum cryptography and focuses on some proposed protocols and their security requirements.
Abstract: Quantum cryptography is the field of cryptography that explores the quantum properties of matter. Generally, it aims to develop primitives beyond the reach of classical cryptography and to improve existing classical implementations. Although much of the work in this field covers quantum key distribution (QKD), there have been some crucial steps towards the understanding and development of quantum oblivious transfer (QOT). One can show the similarity between the application structure of both QKD and QOT primitives. Just as QKD protocols allow quantum-safe communication, QOT protocols allow quantum-safe computation. However, the conditions under which QOT is fully quantum-safe have been subject to intense scrutiny and study. In this review article, we survey the work developed around the concept of oblivious transfer within theoretical quantum cryptography. We focus on some proposed protocols and their security requirements. We review the impossibility results that daunt this primitive and discuss several quantum security models under which it is possible to prove QOT security.

3 citations

Journal ArticleDOI
TL;DR: SSProve, as presented by the authors, is a verification framework for state-separating proofs in Coq. SSProve combines high-level modular proofs about composed protocols, as proposed in SSP, with a probabilistic relational program logic for formalizing the lower-level details, which together enable constructing machine-checked cryptographic proofs in the Coq proof assistant.
Abstract: State-separating proofs (SSP) is a recent methodology for structuring game-based cryptographic proofs in a modular way, by using algebraic laws to exploit the modular structure of composed protocols. While promising, this methodology was previously not fully formalized and came with little tool support. We address this by introducing SSProve, the first general verification framework for machine-checked state-separating proofs. SSProve combines high-level modular proofs about composed protocols, as proposed in SSP, with a probabilistic relational program logic for formalizing the lower-level details, which together enable constructing machine-checked cryptographic proofs in the Coq proof assistant. Moreover, SSProve is itself fully formalized in Coq, including the algebraic laws of SSP, the soundness of the program logic, and the connection between these two verification styles. To illustrate SSProve we use it to mechanize the simple security proofs of ElGamal and PRF-based encryption. We also validate the SSProve approach by conducting two more substantial case studies: First, we mechanize an SSP security proof of the KEM-DEM public key encryption scheme, which led to the discovery of an error in the original paper proof that has since been fixed. Second, we use SSProve to formally prove security of the sigma-protocol zero-knowledge construction, and we moreover construct a commitment scheme from a sigma-protocol to compare with a similar development in CryptHOL. We instantiate the security proof for sigma-protocols to give concrete security bounds for Schnorr’s sigma-protocol.
References
Book
01 Jan 1971
TL;DR: In this article, the authors present a table of abstractions for categories, including Axioms for Categories, Functors, Natural Transformations, and Adjoints for Preorders.
Abstract: I. Categories, Functors and Natural Transformations.- 1. Axioms for Categories.- 2. Categories.- 3. Functors.- 4. Natural Transformations.- 5. Monics, Epis, and Zeros.- 6. Foundations.- 7. Large Categories.- 8. Hom-sets.- II. Constructions on Categories.- 1. Duality.- 2. Contravariance and Opposites.- 3. Products of Categories.- 4. Functor Categories.- 5. The Category of All Categories.- 6. Comma Categories.- 7. Graphs and Free Categories.- 8. Quotient Categories.- III. Universals and Limits.- 1. Universal Arrows.- 2. The Yoneda Lemma.- 3. Coproducts and Colimits.- 4. Products and Limits.- 5. Categories with Finite Products.- 6. Groups in Categories.- IV. Adjoints.- 1. Adjunctions.- 2. Examples of Adjoints.- 3. Reflective Subcategories.- 4. Equivalence of Categories.- 5. Adjoints for Preorders.- 6. Cartesian Closed Categories.- 7. Transformations of Adjoints.- 8. Composition of Adjoints.- V. Limits.- 1. Creation of Limits.- 2. Limits by Products and Equalizers.- 3. Limits with Parameters.- 4. Preservation of Limits.- 5. Adjoints on Limits.- 6. Freyd's Adjoint Functor Theorem.- 7. Subobjects and Generators.- 8. The Special Adjoint Functor Theorem.- 9. Adjoints in Topology.- VI. Monads and Algebras.- 1. Monads in a Category.- 2. Algebras for a Monad.- 3. The Comparison with Algebras.- 4. Words and Free Semigroups.- 5. Free Algebras for a Monad.- 6. Split Coequalizers.- 7. Beck's Theorem.- 8. Algebras are T-algebras.- 9. Compact Hausdorff Spaces.- VII. Monoids.- 1. Monoidal Categories.- 2. Coherence.- 3. Monoids.- 4. Actions.- 5. The Simplicial Category.- 6. Monads and Homology.- 7. Closed Categories.- 8. Compactly Generated Spaces.- 9. Loops and Suspensions.- VIII. Abelian Categories.- 1. Kernels and Cokernels.- 2. Additive Categories.- 3. Abelian Categories.- 4. Diagram Lemmas.- IX. Special Limits.- 1. Filtered Limits.- 2. Interchange of Limits.- 3. Final Functors.- 4. Diagonal Naturality.- 5. Ends.- 6. Coends.- 7. Ends with Parameters.- 8. Iterated Ends and Limits.- X. Kan Extensions.- 1. Adjoints and Limits.- 2. Weak Universality.- 3. The Kan Extension.- 4. Kan Extensions as Coends.- 5. Pointwise Kan Extensions.- 6. Density.- 7. All Concepts are Kan Extensions.- Table of Terminology.

9,254 citations

Proceedings ArticleDOI
Ran Canetti
14 Oct 2001
TL;DR: The notion of universally composable security was introduced in this paper for defining security of cryptographic protocols, which guarantees security even when a secure protocol is composed of an arbitrary set of protocols, or more generally when the protocol is used as a component of a system.
Abstract: We propose a novel paradigm for defining security of cryptographic protocols, called universally composable security. The salient property of universally composable definitions of security is that they guarantee security even when a secure protocol is composed of an arbitrary set of protocols, or more generally when the protocol is used as a component of an arbitrary system. This is an essential property for maintaining security of cryptographic protocols in complex and unpredictable environments such as the Internet. In particular, universally composable definitions guarantee security even when an unbounded number of protocol instances are executed concurrently in an adversarially controlled manner, they guarantee non-malleability with respect to arbitrary protocols, and more. We show how to formulate universally composable definitions of security for practically any cryptographic task. Furthermore, we demonstrate that practically any such definition can be realized using known techniques, as long as only a minority of the participants are corrupted. We then proceed to formulate universally composable definitions of a wide array of cryptographic tasks, including authenticated and secure communication, key-exchange, public-key encryption, signature, commitment, oblivious transfer, zero knowledge and more. We also make initial steps towards studying the realizability of the proposed definitions in various settings.

3,439 citations

Journal ArticleDOI
TL;DR: It is proved that the 1984 protocol of Bennett and Brassard (BB84) for quantum key distribution is secure, and a key distribution protocol based on entanglement purification is given, which can be proven secure using methods from Lo and Chau's proof of security for a similar protocol.
Abstract: We prove that the 1984 protocol of Bennett and Brassard (BB84) for quantum key distribution is secure. We first give a key distribution protocol based on entanglement purification, which can be proven secure using methods from Lo and Chau's proof of security for a similar protocol. We then show that the security of this protocol implies the security of BB84. The entanglement purification based protocol uses Calderbank-Shor-Steane codes, and properties of these codes are used to remove the use of quantum computation from the Lo-Chau protocol.

2,595 citations

Journal ArticleDOI
Renato Renner
TL;DR: In this paper, the authors propose an approach which allows us to study general physical systems for which the above-mentioned independence condition does not necessarily hold, based on an extension of various information-theoretical notions.
Abstract: Quantum Information Theory is an area of physics which studies both fundamental and applied issues in quantum mechanics from an information-theoretical viewpoint. The underlying techniques are, however, often restricted to the analysis of systems which satisfy a certain independence condition. For example, it is assumed that an experiment can be repeated independently many times or that a large physical system consists of many virtually independent parts. Unfortunately, such assumptions are not always justified. This is particularly the case for practical applications — e.g. in quantum cryptography — where parts of a system might have an arbitrary and unknown behavior. We propose an approach which allows us to study general physical systems for which the above-mentioned independence condition does not necessarily hold. It is based on an extension of various information-theoretical notions. For example, we introduce new uncertainty measures, called smooth min- and max-entropy, which are generalizations of ...

1,059 citations