We propose a novel paradigm for defining security of cryptographic protocols, called
universally composable security. The salient property of universally composable definitions …

We present a formalism for the analysis of key-exchange protocols that combines previous
definitional approaches and results in a definition of security that enjoys some important …

We study the interaction of the" new" construct with a rich but common form of (first-order)
communication. This interaction is crucial in security protocols, which are the main …

Although there have been attempts to develop code transformations that yield tamper-
resistant software, no reliable software-only methods are known. This paper studies the …

We study the interaction of the programming construct “new,” which generates statically
scoped names, with communication via messages on channels. This interaction is crucial in …

We present a new mechanized prover for secrecy properties of security protocols. In contrast
to most previous provers, our tool does not rely on the Dolev-Yao model, but on the …

The notion of process equivalence of probabilistic processes is sensitive to the exact
probabilities of transitions. Thus, a slight change in the transition probabilities will result in …

Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …

Encryption that is only semantically secure should not be used on messages that depend on
the underlying secret key; all bets are off when, for example, one encrypts using a shared …

Two distinct, rigorous views of cryptography have developed over the years, in two mostly
separate communities. One of the views relies on a simple but effective formal approach; the …