11

What are the minimal components to build a security model proof for a protocol?

This question might seem trivial, but having read many papers-- from the IEEE, ACM, etc., that talk about a KMP-- I still don't know where to start. For example, should I use the adversary model or a random oracle?

Patriot
  • 3,132
  • 3
  • 18
  • 65
CipherX
  • 381
  • 2
  • 12
  • 2
    IMHO it depends on the context. Defining a protocol you need to set a context, what is the protocol used for, what is its goal. Then you could define environment (primitives and assumptions) and threats. (TLS has different goal, environment and threats than SAML). – gusto2 Jul 31 '18 at 08:08
  • 1
    Although I am sometimes wondering if the choice is correct for crypto.SE or for most sites on the SE network, asking for resources is an explicit reason to vote a question off topic. Maybe you could change the question to make it on topic again, e.g. asking what are the minimal components of a security proof. – Maarten Bodewes Aug 01 '18 at 14:30
  • Dear Marteen, thank you very much for your suggestion. I modified my question. – CipherX Aug 01 '18 at 14:34
  • You may want to note that usually the ROM comes in through the proof and not the model / security definition itself. – SEJPM Jul 16 '19 at 12:14
  • To clarify (because you mentioned the ROM): You are asking how to (systematically) construct a security definition for a protocol, right? – SEJPM Jul 16 '19 at 12:14
  • @SEJPM exactly. This one it seems that is not a trivial task. – CipherX Jul 16 '19 at 13:12

0 Answers0