Article type: Research Article
Authors: Demay, Grégory [a],* | Gaži, Peter [b],** | Maurer, Ueli [c] | Tackmann, Björn [d],***
Affiliations: [a] Ergon Informatik AG, Zürich, Switzerland. E-mail: gregory.demay@ergon.ch | [b] IOHK Research, Hong Kong. E-mail: peter.gazi@iohk.io | [c] Department of Computer Science, ETH Zürich, Zürich, Switzerland. E-mail: maurer@inf.ethz.ch | [d] IBM Research – Zurich, Rüschlikon, Switzerland. E-mail: bta@zurich.ibm.com
Correspondence: [*] Corresponding author. E-mail: gregory.demay@ergon.ch. Work done while author was at ETH Zürich.
Note: [**] Work done while author was at ETH Zürich and IST Austria.
Note: [***] Work done while author was at ETH Zürich and UC San Diego.
Abstract: Cryptographic security is usually defined as a guarantee that holds except when a bad event with negligible probability occurs, and nothing is guaranteed in that bad case. However, in settings where such failure can happen with substantial probability, one needs to provide guarantees even for the bad case. A typical example is where a (possibly weak) password is used instead of a secure cryptographic key to protect a session, the bad event being that the adversary correctly guesses the password. In a situation with multiple such sessions, a per-session guarantee is desired: any session for which the password has not been guessed remains secure, independently of whether other sessions have been compromised. A new formalism for stating such gracefully degrading security guarantees is introduced and applied to analyze the examples of password-based message authentication and password-based encryption. While a natural per-message guarantee is achieved for authentication, the situation of password-based encryption is more delicate: a per-session confidentiality guarantee only holds against attackers for which the distribution of password-guessing effort over the sessions is known in advance. In contrast, for more general attackers without such a restriction, a strong, composable notion of security cannot be achieved.
Keywords: Password-based encryption, simulation-based security, random oracle
DOI: 10.3233/JCS-181131
Journal: Journal of Computer Security, vol. 27, no. 1, pp. 75-111, 2019