Using Probabilistic I/O Automata to Analyze an Oblivious Transfer
نویسندگان
چکیده
We demonstrate how to carry out cryptographic security analysis of distributed protocols within the Probabilistic I/O Automata framework of Lynch, Segala, and Vaandrager. This framework provides tools for arguing rigorously about the concurrency and scheduling aspects of protocols, and about protocols presented at different levels of abstraction. Consequently, it can help in making cryptographic analysis more precise and less susceptible to errors. We concentrate on a relatively simple two-party Oblivious Transfer protocol, in the presence of a semi-honest adversary (essentially, an eavesdropper). For the underlying cryptographic notion of security, we use a version of Canetti’s Universally Composable security. In spite of the relative simplicity of the example, the exercise is quite nontrivial. It requires taking many fundamental issues into account, including nondeterministic behavior, scheduling, resource-bounded computation, and computational hardness assumptions for cryptographic primitives.
منابع مشابه
Using Task-Structured Probabilistic I/O Automata to Analyze an Oblivious Transfer Protocol
The Probabilistic I/O Automata framework of Lynch, Segala and Vaandrager provides tools for precisely specifying protocols and reasoning about their correctness using multiple levels of abstraction, based on implementation relationships between these levels. We enhance this framework to allow analyzing protocols that use cryptographic primitives. This requires resolving and reconciling issues s...
متن کاملUsing Probabilistic I/O Automata to Analyze an Oblivious Transfer Protocol
We demonstrate how to carry out cryptographic security analysis of distributed protocols within the Probabilistic I/O Automata framework of Lynch, Segala, and Vaandrager. This framework provides tools for arguing rigorously about the concurrency and scheduling aspects of protocols, and about protocols presented at different levels of abstraction. Consequently, it can help in making cryptographi...
متن کاملTime-Bounded Task-PIOAs: A Framework for Analyzing Security Protocols
We present the Time-Bounded Task-PIOA modeling framework, an extension of the Probabilistic I/O Automata (PIOA) framework that is intended to support modeling and verification of security protocols. Time-Bounded Task-PIOAs directly model probabilistic and nondeterministic behavior, partial-information adversarial scheduling, and time-bounded computation. Together, these features are adequate to...
متن کاملAn Approximate Scheme of Oblivious Transfer with Probabilistic Receipt
An efficient scheme is proposed which achieves the oblivious transfer with probabilistic receipt, α-OT, approximately for 0 < α < 1. The proposed scheme approximates α-OT with 2−i-OT for i = 1, 2, . . . , k. It implements γ-OT for some γ such that (α − 2−k)/(1 − 2−k) < γ ≤ α with − log(1 − α) invocations of 2−1-OT and at most 2 invocations of 2−i-OT for each i = 2, . . . , k. These invocations ...
متن کاملInput/Output Automata: Basic, Timed, Hybrid, Probabilistic, Dynamic,
The term Input/Output Automata refers to a family of system modeling frameworks based on interacting infinite-state machines. The models come in several flavors, based on which features (fairness, time, continuous behavior, probability, etc.) they can express. In each of these frameworks, automata can be composed in parallel to form more complex automata, and automata can be related using level...
متن کامل