Max-Planck-Institut für Informatik
max planck institut
mpii logo Minerva of the Max Planck Society

MPI-INF or MPI-SWS or Local Campus Event Calendar

<< Previous Entry Next Entry >> New Event Entry Edit this Entry Login to DB (to update, delete)
What and Who
Title:Constructive Cryptography and Modular Protocol Design
Speaker:Prof. Dr. Ueli Maurer
coming from:ETH Zürich
Speakers Bio:
Event Type:CISPA Distinguished Lecture Series
Visibility:D1, D2, D3, D4, D5, SWS, RG1, MMCI
We use this to send out email in the morning.
Level:Public Audience
Date, Time and Location
Date:Thursday, 15 January 2015
Duration:60 Minutes
Building:E1 5
There is a significant and surprising discrepancy between the
(generally) mathematically rigorous cryptographic literature and the
reality of practical cryptographic protocol design. While the security
of cryptographic schemes (such as various types of encryption,
signatures, etc.) is usually rigorously defined and proven (based on
some intractability assumptions), practical cryptographic protocols
such as TLS that make use of these schemes are often broken, patched,
again broken, etc. Why can't we design provably secure protocols, in
the same sense as we seem to be able to design provably secure
cryptographic schemes?

Constructive cryptography, developed jointly with Renato Renner, is an
alternative paradigm for designing cryptographic protocols and proving
their security; the goal is to avoid the above-mentioned discrepancy.
In constructive cryptography, a cryptographic scheme (e.g. encryption)
is seen as constructing a certain resource (e.g. a secure channel)
from another resource (e.g. an authenticated channel and a secret
key), for a well-defined notion of construction. The construction
notion is composable; for example, a key constructed by a secure
key-agreement protocol can provably be used as the key in any
application that requires a secret key. Composition allows to design
complex protocols in a modular, layered manner. The security proofs of
the modules (e.g. encryption, authentication, key agreement, or
signatures) directly compose to a security proof for the entire

A treatment of cryptographic statements in constructive cryptography
comes with several advantages, including reusability, clear semantics
of security definitions, simplicity due to an abstract treatment freed
from artifacts (like Turing machines, asymptotics, polynomial-time,
communication tapes, corruption messages, etc.), capturing different
security notions (such as information-theoretic and computational
security) in a single treatment, and possibly also suitability for a
treatment with formal methods.

Based on joint works with several coauthors, including Sandro Coretti,
Christian Matt, Renato Renner, Bjoern Tackmann.

Name(s):Sabine Nermerich
EMail:--email address not disclosed on the web
Video Broadcast
Video Broadcast:NoTo Location:
Tags, Category, Keywords and additional notes
Attachments, File(s):
  • Sabine Nermerich, 01/06/2015 09:05 AM -- Created document.