378 research outputs found
Physical Turing Machines and the Formalization of Physical Cryptography
We introduce an extension of the standard Turing machine model, so-called Physical Turing machines, and apply them in a reductionist security proof for a standard scheme from physical cryptography
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
Why Philosophers Should Care About Computational Complexity
One might think that, once we know something is computable, how efficiently
it can be computed is a practical question with little further philosophical
importance. In this essay, I offer a detailed case that one would be wrong. In
particular, I argue that computational complexity theory---the field that
studies the resources (such as time, space, and randomness) needed to solve
computational problems---leads to new perspectives on the nature of
mathematical knowledge, the strong AI debate, computationalism, the problem of
logical omniscience, Hume's problem of induction, Goodman's grue riddle, the
foundations of quantum mechanics, economic rationality, closed timelike curves,
and several other topics of philosophical interest. I end by discussing aspects
of complexity theory itself that could benefit from philosophical analysis.Comment: 58 pages, to appear in "Computability: G\"odel, Turing, Church, and
beyond," MIT Press, 2012. Some minor clarifications and corrections; new
references adde
How to Build Unconditionally Secure Quantum Bit Commitment Protocols
The ``impossibility proof'' on unconditionally secure quantum bit commitment
is critically analyzed. Many possibilities for obtaining a secure bit
commitment protocol are indicated, purely on the basis of two-way quantum
communications, which are not covered by the impossibility proof formulation.
They are classified under six new types of protocols, with security proofs for
specific examples on four types. Reasons for some previously failed attempts at
obtaining secure protocols are also indicated.Comment: 10 pages, revtex4; significant changes (see footnote
EasyUC: using EasyCrypt to mechanize proofs of universally composable security
We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: Specifying a protocol and the desired ideal functionality; Constructing a simulator and demonstrating its validity, via reduction to hard computational problems; Invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key-exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key-exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks.Accepted manuscrip
Private Function Evaluation with Cards
Card-based protocols allow to evaluate an arbitrary fixed Boolean function on a hidden input to obtain a hidden output, without the executer learning anything about either of the two (e.g., [12]). We explore the case where implements a universal function, i.e., is given the encoding ⟨⟩ of a program and an input and computes (⟨⟩,)=(). More concretely, we consider universal circuits, Turing machines, RAM machines, and branching programs, giving secure and conceptually simple card-based protocols in each case. We argue that card-based cryptography can be performed in a setting that is only very weakly interactive, which we call the “surveillance” model. Here, when Alice executes a protocol on the cards, the only task of Bob is to watch that Alice does not illegitimately turn over cards and that she shuffles in a way that nobody knows anything about the total permutation applied to the cards. We believe that because of this very limited interaction, our results can be called program obfuscation. As a tool, we develop a useful sub-protocol ↑ that couples the two equal-length sequences , and jointly and obliviously permutes them with the permutation ∈ that lexicographically minimizes (). We argue that this generalizes ideas present in many existing card-based protocols. In fact, AND, XOR, bit copy [37], coupled rotation shuffles [30] and the “permutation division” protocol of [22] can all be expressed as “coupled sort protocols”
- …