Ideal Key Derivation and Encryption in Simulation-Based Security
Many real-world protocols, such as SSL/TLS, SSH, IPsec, IEEE 802.11i, DNSSEC, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper the authors extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. They also equip this functionality with Message Authentication Codes (MACs) and ideal nonce generation. They show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols.