[viff-devel] SMCL security notion

Martin Geisler mg at daimi.au.dk
Mon Jul 21 06:07:24 PDT 2008


Hi Janus and everybody else,

I have now read the progress report and had a look at the PLAS paper:

  http://www.daimi.au.dk/~fagidiot/fagidiot/download/jdn-progress.pdf
  http://www.daimi.au.dk/~fagidiot/fagidiot/download/smcl-plas07.pdf

and of course I have lots of questions... :-)

I am confused about the notion of security via adversary traces
presented in those papers. It is described via two properties:

* Identity Property: a public state P can only lead to one other
  public state P', regardless of the secret state.

* Commutative Property: computing on secrets leads to the same state
  as opening everything and computing on open values.

I think you write that this is a new idea -- have you then looked into
how this relates to the more standard notion of Ideal World/Real World
simulation arguments in the UC framework?

It is not clear to me how you can describe the server as one entity
with one state when it is really a set of computers -- are you
thinking of the product state for S1, S2, and S3? Is that state even
well-defined in an asynchronous network setting, or do you assume that
the coordinator synchronizes the network?

You say that the adversary can observe the trace which shows how the
configuration changes on the server, but with secret values masked out.
Shouldn't the adversary be able to see the secret values of the server
parties he has corrupted?

Oh, and using the term "semantic security" in Section 4.5 is
unfortunate since it already has a standard definition in
cryptography:

  http://en.wikipedia.org/wiki/Semantic_security

-- 
Martin Geisler
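
A constructed toy model of the two properties as paraphrased in the mail above (an added example, not code from the SMCL papers or from VIFF; the dict-based state layout, the secret domain and the step functions are assumptions). It shows how a step that branches on a secret violates the Identity Property even though nothing is opened, which is exactly the kind of leak an adversary-trace notion is meant to catch:

```python
from itertools import product

# Constructed model: a state is a pair (pub, sec) of dicts and a step maps
# (pub, sec) -> (pub, sec). Secrets are assumed to be small integers mod 4.
MOD = 4
SECRET_DOMAIN = range(MOD)
SECRET_VARS = ("a", "b")

def all_secret_states():
    """Every assignment of the secret variables over the (tiny) domain."""
    return [dict(zip(SECRET_VARS, vals))
            for vals in product(SECRET_DOMAIN, repeat=len(SECRET_VARS))]

def identity_property(step, pub):
    """Identity Property: from public state `pub`, the public successor must
    be the same for every secret state. Holds iff one successor is reachable."""
    successors = set()
    for sec in all_secret_states():
        pub2, _ = step(dict(pub), sec)
        successors.add(tuple(sorted(pub2.items())))
    return len(successors) == 1

def commutative_property(secret_step, open_step):
    """Commutative Property: compute on secrets then open everything, versus
    open everything first then compute on the open values; must agree."""
    for sec in all_secret_states():
        _, sec2 = secret_step({}, dict(sec))      # compute on secrets ...
        via_secret = dict(sec2)                   # ... then open all of them
        via_open, _ = open_step(dict(sec), {})    # open first, then compute
        if via_secret != via_open:
            return False
    return True

def add_secret(pub, sec):
    """Computes on secrets only; the public state is untouched."""
    sec["c"] = (sec["a"] + sec["b"]) % MOD
    return pub, sec

def add_open(pub, sec):
    """Same computation on already-opened values."""
    pub["c"] = (pub["a"] + pub["b"]) % MOD
    return pub, sec

def leaky_compare(pub, sec):
    """Control flow depends on a secret: the public branch marker reveals
    whether a > b, so the trace leaks without any value being opened."""
    pub["branch"] = "gt" if sec["a"] > sec["b"] else "le"
    return pub, sec
```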

