On the Relationships Between Notions of Simulation-Based Security

  • Anupam Datta
  • Ralf Küsters
  • John C. Mitchell
  • Ajith Ramanathan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


Several compositional forms of simulation-based security have been proposed in the literature, including universal composability, black-box simulatability, and variants thereof. These relations between a protocol and an ideal functionality are similar enough that they can be ordered from strongest to weakest according to the logical form of their definitions. However, determining whether two relations are in fact identical depends on some subtle features that have not been brought out in previous studies. We identify the position of a “master process” in the distributed system, and some limitations on transparent message forwarding within computational complexity bounds, as two main factors. Using a general computational framework, we clarify the relationships between the simulation-based security conditions.


Single Machine Output Channel Security Parameter Process Expression Ideal Functionality 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL 2001, pp. 104–115 (2001)Google Scholar
  2. 2.
    Abadi, M., Gordon, A.D.: A bisimulation method for cryptographic protocols. In: Hankin, C. (ed.) ESOP 1998. LNCS, vol. 1381, p. 12. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  3. 3.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: the spi calculus. Information and Computation 143, 1–70 (1999); Expanded version available as SRC Research Report 149 (January 1998)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Backes, M., Pfitzmann, B., Waidner, M.: A general composition theorem for secure reactive systems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 336–354. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Backes, M., Pfitzmann, B., Waidner, M.: ecure asynchronous reactive systems. Technical Report 082, Eprint (2004)Google Scholar
  6. 6.
    Backes, M., Pfitzmann, B., Steiner, M., Waidner, M.: Polynomial fairness and liveness. In: Proceedings of 15th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, pp. 160–174 (2002)Google Scholar
  7. 7.
    Backes, M., Pfitzmann, B., Waidner, M.: Reactively secure signature schemes. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 84–95. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symp. on the Foundations of Computer Science. IEEE, Los Alamitos (2001); Full version available at Google Scholar
  9. 9.
    Canetti, R.: Personal communication (2004)Google Scholar
  10. 10.
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Canetti, R., Kushilevitz, E., Lindell, Y.: On the limitations of universally composable two-party computation without set-up assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proc. ACM Symp. on the Theory of Computing, pp. 494–503 (2002)Google Scholar
  14. 14.
    Datta, A., Küsters, R., Mitchell, J.C., Ramanathan, A.: Sequential probabilisitic process calculus and simulation-based security (2004), Unpublished technical report at
  15. 15.
    Datta, A., Küsters, R., Mitchell, J.C., Ramanathan, A., Shmatikov, V.: Unifying equivalence-based definitions of protocol security. In: ACM SIGPLAN and IFIP WG 1.7, 4th Workshop on Issues in the Theory of Security (2004)Google Scholar
  16. 16.
    Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)zbMATHGoogle Scholar
  17. 17.
    Lincoln, P.D., Mitchell, J.C., Mitchell, M., Scedrov, A.: Probabilistic polynomial-time equivalence and security protocols. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 776–793. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  18. 18.
    Milner, R.: A Calculus of Communicating Systems. Springer, Heidelberg (1980)zbMATHGoogle Scholar
  19. 19.
    Milner, R.: Communication and Concurrency. International Series in Computer Science. Prentice Hall, Englewood Cliffs (1989)zbMATHGoogle Scholar
  20. 20.
    Mitchell, J.C., Mitchell, M., Scedrov, A.: A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In: Proc. 39th Annual IEEE Symposium on the Foundations of Computer Science, Palo Alto, California, pp. 725–733. IEEE, Los Alamitos (1998)Google Scholar
  21. 21.
    Mitchell, J.C., Ramanathan, A., Scedrov, A., Teague, V.: A probabilistic polynomial-time calculus for the analysis of cryptographic protocols (preliminary report). In: Brookes, S., Mislove, M. (eds.) 17th Annual Conference on the Mathematical Foundations of Programming Semantics, Arhus, Denmark, May, 2001. Electronic notes in Theoretical Computer Science, vol. 45 (2001)Google Scholar
  22. 22.
    Pfitzmann, B., Waidner, M.: A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In: IEEE Symposium on Security and Privacy, pp. 184–200. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  23. 23.
    Ramanathan, A., Mitchell, J.C., Scedrov, A., Teague, V.: Probabilistic bisimulation and equivalence for security analysis of network protocols (2004) (unpublished), See
  24. 24.
    Ramanathan, A., Mitchell, J.C., Scedrov, A., Teague, V.: Probabilistic bisimulation and equivalence for security analysis of network protocols. In: Walukiewicz, I. (ed.) FOSSACS 2004. LNCS, vol. 2987, pp. 468–483. Springer, Heidelberg (2004); Summarizes results in [23]CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Anupam Datta
    • 1
  • Ralf Küsters
    • 2
  • John C. Mitchell
    • 1
  • Ajith Ramanathan
    • 1
  1. 1.Computer Science DepartmentStanford UniversityStanfordUSA
  2. 2.Institut für InformatikChristian-Albrechts-Universität zu KielKielGermany

Personalised recommendations