Visible to the public A Cryptographic Look at Multi-party Channels

TitleA Cryptographic Look at Multi-party Channels
Publication TypeConference Paper
Year of Publication2018
AuthorsEugster, P., Marson, G. A., Poettering, B.
Conference Name2018 IEEE 31st Computer Security Foundations Symposium (CSF)
Keywords-broadcast-communication, -causality-preservation, -confidentiality, -integrity, authenticated communication, authenticated encryption, bidirectional channel, bidirectional communication, broadcast channels, broadcast communication, channel security, compositionality, computer network security, confidential communication, cryptographic channels, cryptographic protocols, Encryption, FSE17-ToSC17, full-fledged broadcast channel, game-based authenticity, Group communication, Internet, multiparty channels, point-to-point link, point-to-point links, Predictive Metrics, protocol, Protocols, provable security, pubcrawl, reliability, Resiliency, secure-channels, security properties, Servers, standard cryptographic primitives, unidirectional links
AbstractCryptographic channels aim to enable authenticated and confidential communication over the Internet. The general understanding seems to be that providing security in the sense of authenticated encryption for every (unidirectional) point-to-point link suffices to achieve this goal. As recently shown (in FSE17/ToSC17), however, the security properties of the unidirectional links do not extend, in general, to the bidirectional channel as a whole. Intuitively, the reason for this is that the increased interaction in bidirectional communication can be exploited by an adversary. The same applies, a fortiori, in a multi-party setting where several users operate concurrently and the communication develops in more directions. In the cryptographic literature, however, the targeted goals for group communication in terms of channel security are still unexplored. Applying the methodology of provable security, we fill this gap by defining exact (game-based) authenticity and confidentiality goals for broadcast communication, and showing how to achieve them. Importantly, our security notions also account for the causal dependencies between exchanged messages, thus naturally extending the bidirectional case where causal relationships are automatically captured by preserving the sending order. On the constructive side we propose a modular and yet efficient protocol that, assuming only point-to-point links between users, leverages (non-cryptographic) broadcast and standard cryptographic primitives to a full-fledged broadcast channel that provably meets the security notions we put forth.
DOI10.1109/CSF.2018.00010
Citation Keyeugster_cryptographic_2018