Using IND-CVA for constructing secure communication  

作　　者：HU ZhenYu JIANG JianChun SUN FuChun 

机构地区：[1]National Laboratory of Information Science and Technology, Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China [2]Institute of Software, Chinese Academy of Sciences, Beijing 100080, China

出　　处：《Science in China(Series F)》2009年第10期1801-1811,共11页中国科学（F辑英文版）

基　　金：Supported by the National Basic Research Program of China (Grant No. G2002cb312205)

摘　　要：Within the framework of UC （universally composable） security, a general method is presented to construct a secure channel protocol with using IND-CVA （indistinguishability of encryption scheme under ciphertext verification attacks）. A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.Within the framework of UC （universally composable） security, a general method is presented to construct a secure channel protocol with using IND-CVA （indistinguishability of encryption scheme under ciphertext verification attacks）. A channel protocol with using the method first invokes an ideal keyexchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.

关 键 词：universally composable security secure channel authenticated encryption semantic security INTEGRITY 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术] Q954.52[自动化与计算机技术—计算机科学与技术]