Welcome to the resource topic for 2006/041
Title:
Reactively Simulatable Certified Mail
Authors: Birgit Pfitzmann, Matthias Schunter, Michael Waidner
Abstract:(Revision of Sept. 2004 of a journal submission from Dec. 2000.)
Certified mail is the fair exchange of a message
for a receipt, i.e., the recipient gets the message if
and only if the sender gets a receipt. It is an important
primitive for electronic commerce and other atomicity services.
Certified-mail protocols are known in the literature, but there
was no rigorous definition yet, in particular for optimistic protocols
and for many interleaved executions.
We provide such a definition via an ideal system and show that
a specific real certified-mail protocol is as secure as this ideal
system in the sense of reactive simulatability in the standard model
of cryptography and under standard assumptions.
As certified mail without any third party is not practical, we consider optimistic protocols,
which involve a third party only if one party tries to cheat.
The real protocol resembles prior protocols, but we had to use a different
cryptographic primitive to achieve simulatability.
The communication model is synchronous.
This proof first demonstrated that a cryptographic multi-step protocol
can fulfil a general definition of reactive simulatability
enabling concurrent composition.
We also first showed how formal-method style reasoning can be applied
over the ideal system in a cryptographically sound way.
Moreover, the treatment of multiple protocol runs and their modular proof in spite
of the use of common cryptographic primitives for all runs can
be seen as a first example of what is now known as joint-state composition.
ePrint: https://eprint.iacr.org/2006/041
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .