Information Security and Cryptography Research Group

Constructive cryptography – A new paradigm for security definitions and proofs

Ueli Maurer

Theory of Security and Applications (TOSCA 2011), Lecture Notes in Computer Science, Springer-Verlag, vol. 6993, pp. 33–56, Apr 2011.

Constructive cryptography, an application of abstract cryptography proposed by Maurer and Renner, is a new paradigm for defining the security of cryptographic schemes such as symmetric encryption, message authentication codes, public-key encryption, key-agreement protocols, and digital signature schemes, and for proving the security of protocols making use of such schemes. Such a cryptographic scheme can be seen (and defined) as constructing a certain resource (e.g. a channel or key) with certain security properties from another (weaker) such resource. For example, a secure encryption scheme constructs a secure channel from an authenticated channel and a secret key.

The term “construct”, which is defined by the use of a simulator, is composable in the sense that a protocol obtained by the composition of several secure constructive steps is itself secure. This is in contrast to both the traditional, game-based security definitions for cryptographic schemes and the attack-based security definitions used in formal-methods based security research, which are generally not composable.

Constructive cryptography allows to take a new look at cryptography and the design of cryptographic protocols. One can give explicit meaning to various types of game-based security notions of confidentiality, integrity, and malleability, one can design key agreement, secure communication, certification, and other protocols in a modular and composable manner, and one can separate the understanding of what cryptography achieves from the technical security definitions and proofs, which is useful for didactic purposes and protocol design.

BibTeX Citation

    author       = {Ueli Maurer},
    title        = {Constructive cryptography -- A new paradigm for security definitions and proofs},
    editor       = {S. Moedersheim and C. Palamidessi},
    booktitle    = {Theory of Security and Applications (TOSCA 2011)},
    pages        = 33--56,
    series       = {Lecture Notes in Computer Science},
    volume       = 6993,
    year         = 2011,
    month        = 4,
    publisher    = {Springer-Verlag},

Files and Links