Composition of Cryptographic Protocols in a Probabilistic Polynomial-Time Process Calculus

We use the probabilistic polynomial-time process calculus introduced in [15] to derive compositionality properties of cryptographic protocols in the presence of computationally bounded adversaries. We focus on four types of protocols: oblivious transfer (OT), secure function evaluation, zero-knowledge proofs and secure channel implementation. A general de nition for all these cases is established following the general paradigm that a protocol is secure i it can emulate an ideal protocol. To this end, we capitalize on the semantics of the calculus and extract a Markov process of observations to set up the notion of emulation. Emulation turns out to be a congruence relation and this result leads to a general composition theorem. We derive as a corollary an associated composition result for each of the four types of protocols considered, encompassing in some cases both active and passive adversaries. As an illustration of the concepts and results in an intuitive and simple manner, we give special emphasis to the simple case of OT, incorporating an example of the protocol. Finally, we compare our approach with the approaches by Canetti in [5] and P tzmann et al in [22]