For many cryptographic protocols, security relies on the assumption that adversarial entities have limited computational power. This type of security degrades progressively over the lifetime of a protocol. However, some cryptographic services, such as timestamping services or digital archives, are emph{long-lived} in nature; they are expected to be secure and operational for a very long time (ie super-polynomial). In such cases, security cannot be guaranteed in the traditional sense: a computationally secure protocol may become insecure if the attacker has a super-polynomial number of interactions with the protocol. This paper proposes a new paradigm for the analysis of long-lived security protocols. We allow entities to be active for...
The standard class of adversaries considered in cryptography is that of {\em strict} polynomial-time...
An increasing amount of information today is generated, exchanged, and stored digitally. This also i...
Important properties of many protocols are liveness or availability, i.e., that something good happe...
For many cryptographic protocols, security relies on the assumption that adversarial entities have l...
For many cryptographic protocols, security relies on the assumption that adversarial entities have l...
Huge amounts of information today are stored digitally and a significant amount of this information...
Commonly used digital signature schemes have a limited lifetime because their security is based on c...
Long-term security ensures that a protocol remains secure even in the future, when the adversarial c...
Sensitive electronic data may be required to remain confidential for long periods of time. Yet encry...
Important properties of many protocols are liveness or availability, i.e., that something good happe...
AbstractNew definitions are proposed for the security of Transient-Key Cryptography (a variant on Pu...
A protocol has everlasting security if it is secure against adversaries that are computationally unl...
We present a definition of an ideal timestamping functionality that maintains a timestamped record of...
Recently, there has been much interest in extending models for simulation-based security in such a ...
The amount of information produced in the last decades has grown notably. Much of this information o...
The standard class of adversaries considered in cryptography is that of {\em strict} polynomial-time...
An increasing amount of information today is generated, exchanged, and stored digitally. This also i...
Important properties of many protocols are liveness or availability, i.e., that something good happe...
For many cryptographic protocols, security relies on the assumption that adversarial entities have l...
For many cryptographic protocols, security relies on the assumption that adversarial entities have l...
Huge amounts of information today are stored digitally and a significant amount of this information...
Commonly used digital signature schemes have a limited lifetime because their security is based on c...
Long-term security ensures that a protocol remains secure even in the future, when the adversarial c...
Sensitive electronic data may be required to remain confidential for long periods of time. Yet encry...
Important properties of many protocols are liveness or availability, i.e., that something good happe...
AbstractNew definitions are proposed for the security of Transient-Key Cryptography (a variant on Pu...
A protocol has everlasting security if it is secure against adversaries that are computationally unl...
We present a definition of an ideal timestamping functionality that maintains a timestamped record of...
Recently, there has been much interest in extending models for simulation-based security in such a ...
The amount of information produced in the last decades has grown notably. Much of this information o...
The standard class of adversaries considered in cryptography is that of {\em strict} polynomial-time...
An increasing amount of information today is generated, exchanged, and stored digitally. This also i...
Important properties of many protocols are liveness or availability, i.e., that something good happe...