Abstract
Within the framework of UC (universally composable) security, a general method is presented to construct a secure channel protocol with using IND-CVA (indistinguishability of encryption scheme under ciphertext verification attacks). A channel protocol with using the method first invokes an ideal key-exchange protocol to get a session key, and then computes the messages with an authenticated encryption scheme. The paper shows that a channel protocol is UC secure if and only if the underlying authenticated encryption scheme is both IND-CVA secure and INT-PTXT secure. The condition about secure channel protocol in this paper is much weaker than IND-CCA secure and INT-CTXT secure. The IND-CVA can be presented for describing the privacy requirements of secure channels in detail. Moreover, the method for designing secure channel protocol in the paper reduces the UC security of secure channels, which are measured by action-simulation in the UC security framework, to the security of authenticated encryption schemes, which are measured semantically.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
