On the Relation Between SIM and IND-RoR Security Models for PAKEs
نویسندگان
چکیده
Password-based Authenticated Key-Exchange (PAKE) protocols allow users, who need only to share a password, to compute a high-entropy shared session key despite passwords being taken from a dictionary. Security models for PAKE protocols aim to capture the desired security properties that such protocols must satisfy when executed in the presence of an active adversary. They are usually classified into i) indistinguishabilitybased (IND-based) or ii) simulation-based (SIM-based). The relation between these two security notions is unclear and mentioned as a gap in the literature. In this work, we prove that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND-RoR security from Abdalla et al. (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security.
منابع مشابه
On the Achievability of Simulation-Based Security for Functional Encryption
This work attempts to clarify to what extent simulationbased security (SIM-security) is achievable for functional encryption (FE) and its relation to the weaker indistinguishability-based security (INDsecurity). Our main result is a compiler that transforms any FE scheme for the general circuit functionality (which we denote by Circuit-FE) meeting indistinguishability-based security (IND-securi...
متن کاملOn Selective-Opening Attacks against Encryption Schemes
At FOCS’99, Dwork et al. put forth the notion of ‘selective-opening attacks’ (SOAs, for short). In the literature, security against such attacks has been formalized via indistinguishability-based and simulation-based notions, respectively called IND-SO-CPA security and SIM-SO-CPA security. Furthermore, the IND-SO-CPA notion has been studied under two flavors – weak-IND-SO-CPA and full-IND-SO-CP...
متن کاملSimulation-Based Secure Functional Encryption in the Random Oracle Model
One of the main lines of research in functional encryption (FE) has consisted in studying the security notions for FE and their achievability. This study was initiated by [Boneh et al. – TCC’11, O’Neill – ePrint’10] where it was first shown that for FE the indistinguishabilitybased (IND) security notion is not sufficient in the sense that there are FE schemes that are provably IND-Secure but co...
متن کاملOn the power of rewinding simulators in functional encryption
In a seminal work, Boneh, Sahai and Waters (BSW, for short) [TCC’11] showed that for functional encryption the indistinguishability notion of security (IND-Security) is weaker than simulation-based security (SIM-Security), and that SIM-Security is in general impossible to achieve. This has opened up the door to a plethora of papers showing feasibility and new impossibility results. Nevertheless...
متن کاملPublic-Key Encryption with Simulation-Based Selective-Opening Security and Compact Ciphertexts
In a selective-opening (SO) attack on an encryption scheme, an adversary A gets a number of ciphertexts (with possibly related plaintexts), and can then adaptively select a subset of those ciphertexts. The selected ciphertexts are then opened for A (which means that A gets to see the plaintexts and the corresponding encryption random coins), and A tries to break the security of the unopened cip...
متن کامل