January 20 – 25 , 2019, Dagstuhl Seminar 19042

Practical Yet Composably Secure Cryptographic Protocols


Jan Camenisch (Dfinity Foundation – Zug, CH)
Ralf Küsters (Universität Stuttgart, DE)
Anna Lysyanskaya (Brown University – Providence, US)
Alessandra Scafuro (North Carolina State University – Raleigh, US)

For support, please contact

Dagstuhl Service Team


List of Participants
Shared Documents
Dagstuhl Seminar Schedule [pdf]


The number as well as the complexity of the cryptographic protocols that are used in practice has increased substantially in the last few years. Unfortunately, cryptographic protocols used in practice often do not come with proper security proofs but rather with hand wavy arguments that they will fulfill their requirements. In the past two decades, the cryptographic community has made substantial progress in modeling cryptographic protocols and proving their security: a number of security frameworks have emerged that guarantee that a cryptographic protocol remains secure under composition, i.e., it remains secure no matter in what environment it is used. While this is the kind of security guarantee that is needed for all cryptographic protocols and in particular those used in practice, protocols designed in these composable security frameworks tend to be not sufficiently efficient to be usable in practice.

The main goal of this Dagstuhl Seminar is to assess the state of the art of the design, modeling, and security analysis of cryptographic protocols and to identify new approaches and directions that allow one to design cryptographic protocols that are efficient and yet offer the strongest security guarantees. To this end, we aim to identify hurdles preventing provably secure protocols from being efficient, and to compare the different composability frameworks proposed in the literature with respect to their ability to analyze practical protocols.

The topics to be considered in more detail in the seminar include the following ones:

  • Design of practical yet provably secure cryptographic protocols
  • Identification of hurdles for achieving efficient and provable UC security, identification of solutions
  • Modeling and comparison of different set-up assumptions and their implications
  • Comparison of the different composability frameworks

We plan to strike a balance between talks and open discussion sessions in order to identify and ignite future research towards security composition frameworks that facilitate the design and analysis of efficient cryptographic protocols. In accordance with the philosophy of Dagstuhl Seminars, we want to provide an inspiring environment for thought and discussion.

  Creative Commons BY 3.0 DE
  Jan Camenisch, Ralf Küsters, Anna Lysyanskaya, and Alessandra Scafuro


  • Security / Cryptology


  • Security Models
  • Universally Composability
  • Provably Secure Protocols
  • Applied Cryptography
  • Cryptographic Protocols
  • Practical Protocols.


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.

NSF young researcher support