Is there a simple example of a cryptographic protocol that is secure when used on its own (with only one instance active at a time) but becomes insecure in a concurrent setting, i.e., a failure of parallel composition? (Ideally, one that doesn't require understanding zero-knowledge proofs or multiparty secure computation?)
Does this answer your question? – Mikero Oct 19 '21 at 02:08
@Mikero, yes, I guess it does answer the question as stated. I was hoping to find an example that would feel better motivated to someone new to the topic (i.e., isn't steeped in UC security, multiparty secure computation, or ZK proofs, and can see why the attack counts as a break of the protocol), and none of those there seem to meet that goal. But I realize that I didn't specify any of those requirements or restrictions in the question, so as it stands, this is a duplicate. – D.W. Oct 19 '21 at 05:06