# Information Security and Cryptography Research Group

## Constructive cryptography – A new paradigm for security definitions and proofs

### Ueli Maurer

Theory of Security and Applications (TOSCA 2011), Lecture Notes in Computer Science, Springer-Verlag, vol. 6993, pp. 33–56, Apr 2011.

Constructive cryptography, an application of abstract cryptography proposed by Maurer and Renner, is a new paradigm for defining the security of cryptographic schemes such as symmetric encryption, message authentication codes, public-key encryption, key-agreement protocols, and digital signature schemes, and for proving the security of protocols making use of such schemes. Such a cryptographic scheme can be seen (and defined) as constructing a certain resource (e.g. a channel or key) with certain security properties from another (weaker) such resource. For example, a secure encryption scheme constructs a secure channel from an authenticated channel and a secret key.

The term “construct”, which is defined by the use of a simulator, is composable in the sense that a protocol obtained by the composition of several secure constructive steps is itself secure. This is in contrast to both the traditional, game-based security definitions for cryptographic schemes and the attack-based security definitions used in formal-methods based security research, which are generally not composable.

Constructive cryptography allows one to take a new look at cryptography and the design of cryptographic protocols. One can give explicit meaning to various types of game-based security notions of confidentiality, integrity, and malleability; one can design key agreement, secure communication, certification, and other protocols in a modular and composable manner; and one can separate the understanding of what cryptography achieves from the technical security definitions and proofs, which is useful for didactic purposes and protocol design.
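The construction statement above ("a secure encryption scheme constructs a secure channel from an authenticated channel and a secret key") and the simulator-based meaning of "construct" can be checked exhaustively for a toy one-byte setting. The following is an added illustration, not code from the paper: the resource model, the converters, the simulator and the weak comparison scheme are my own constructed choices, and the distinguisher's advantage is computed as the statistical distance between the transcripts it sees in the real and ideal systems.

```python
"""Toy constructive-cryptography check: does a scheme turn
(shared key + authenticated channel) into a secure channel?
One-byte messages and keys so every case can be enumerated."""
from collections import Counter
from typing import Callable, Tuple

Scheme = Tuple[Callable[[int, int], int], Callable[[int, int], int]]  # (enc, dec)

def real_world(m: int, r: int, scheme: Scheme) -> Tuple[int, int]:
    """Real system: key resource + authenticated channel, encryption converter at
    the sender, decryption converter at the receiver. r is the key byte.
    Returns (receiver output, adversary view); on an authenticated channel the
    adversary reads the ciphertext but cannot change it."""
    enc, dec = scheme
    c = enc(m, r)
    return dec(c, r), c

def ideal_world(m: int, r: int) -> Tuple[int, int]:
    """Ideal system: a secure channel delivering m and leaking only its length,
    plus a simulator that must fabricate the adversary's view from that leak.
    Constructed simulator: answer the 1-byte leak with a uniform byte r."""
    leaked_length = 1                      # all the secure channel reveals
    simulated_ciphertext = r if leaked_length == 1 else None
    return m, simulated_ciphertext

def best_distinguisher_advantage(scheme: Scheme) -> float:
    """Statistical distance between real and ideal transcripts (receiver output,
    adversary view), maximised over the distinguisher's choice of message.
    0.0 means the scheme constructs the secure channel perfectly."""
    worst = 0.0
    for m in range(256):
        real = Counter(real_world(m, r, scheme) for r in range(256))
        ideal = Counter(ideal_world(m, r) for r in range(256))
        keys = set(real) | set(ideal)
        dist = sum(abs(real[k] - ideal[k]) for k in keys) / (2 * 256)
        worst = max(worst, dist)
    return worst

# One-time pad: the key masks every bit of the message.
OTP: Scheme = (lambda m, k: m ^ k, lambda c, k: c ^ k)
# Constructed weak scheme: the key masks only the low nibble, so the high nibble leaks.
WEAK: Scheme = (lambda m, k: m ^ (k & 0x0F), lambda c, k: c ^ (k & 0x0F))

if __name__ == "__main__":
    print("OTP  advantage:", best_distinguisher_advantage(OTP))   # 0.0
    print("WEAK advantage:", best_distinguisher_advantage(WEAK))  # 0.9375
```

The weak scheme is rejected even though the honest receiver always decrypts correctly: the simulator, which only learns the length, cannot reproduce the high nibble that the real ciphertext reveals, which is exactly the leakage the game-based notion of confidentiality would also flag.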

## BibTeX Citation

```bibtex
@inproceedings{Maurer11,
  author       = {Ueli Maurer},
  title        = {Constructive cryptography -- A new paradigm for security definitions and proofs},
  editor       = {S. Moedersheim and C. Palamidessi},
  booktitle    = {Theory of Security and Applications (TOSCA 2011)},
  pages        = {33--56},
  series       = {Lecture Notes in Computer Science},
  volume       = 6993,
  year         = 2011,
  month        = 4,
  publisher    = {Springer-Verlag},
}
```