Advances in Cryptology -- CRYPTO 2015

In this paper, we present a simpler and more restricted variant of the universally composable security (UC) framework that is suitable for “standard” two-party and multiparty computation tasks. Many of the complications of the UC framework exist in order to enable more general tasks than classic secure computation. This generality may be a barrier to entry for those who are used to the stand-alone model of secure computation and wish to work with universally composable security but are overwhelmed by the differences. The variant presented here (called simplified universally composable security, or just SUC) is closer to the definition of security for multiparty computation in the stand-alone setting. The main difference is that a protocol in the SUC framework runs with a fixed set of parties, and machines cannot be added dynamically to the execution. As a result, the definitions of polynomial time and protocol composition are much simpler. In addition, the SUC framework has authenticated channels built in, as is standard in previous definitions of security, and all communication is done via the adversary in order to enable arbitrary scheduling of messages. Due to these differences, not all cryptographic tasks can be expressed in the SUC framework. Nevertheless, standard secure computation tasks (like secure function evaluation) can be expressed. Importantly, we show that for every protocol that can be represented in the SUC framework, the protocol is secure in SUC if and only if it is secure in UC. Therefore, the UC composition theorem holds and any protocol that is proven secure under SUC is secure under the general framework (with some technical changes to the functionality definition). As a result, protocols that are secure in the SUC framework are secure when an a priori unbounded number of concurrent executions of the protocols take place (relative to the same fixed set of parties).

[1]  Charanjit S. Jutla,et al.  Switching Lemma for Bilinear Tests and Constant-Size NIZK Proofs for Linear Subspaces , 2013, CRYPTO.

[2]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, CRYPTO.

[3]  Michael K. Reiter,et al.  Alternatives to Non-malleability: Definitions, Constructions, and Applications (Extended Abstract) , 2004, TCC.

[4]  Nancy A. Lynch,et al.  Compositionality for Probabilistic Automata , 2003, CONCUR.

[5]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[6]  Mihir Bellare,et al.  Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles , 2007, Public Key Cryptography.

[7]  Mehdi Tibouchi,et al.  Unified, Minimal and Selectively Randomizable Structure-Preserving Signatures , 2014, IACR Cryptol. ePrint Arch..

[8]  Thomas Peters,et al.  Efficient Completely Context-Hiding Quotable and Linearly Homomorphic Signatures , 2013, Public Key Cryptography.

[9]  David Pointcheval,et al.  Disjunctions for Hash Proof Systems: New Constructions and Applications , 2015, EUROCRYPT.

[10]  Markulf Kohlweiss,et al.  Malleable Proof Systems and Applications , 2012, EUROCRYPT.

[11]  Donald Beaver,et al.  Foundations of Secure Interactive Computing , 1991, CRYPTO.

[12]  Ran Canetti,et al.  Maintaining Security in the Presence of Transient Faults , 1994, CRYPTO.

[13]  Eike Kiltz,et al.  Quasi-Adaptive NIZK for Linear Subspaces Revisited , 2015, IACR Cryptol. ePrint Arch..

[14]  Georg Fuchsbauer,et al.  Fair Blind Signatures without Random Oracles , 2010, AFRICACRYPT.

[15]  Georg Fuchsbauer,et al.  Commuting Signatures and Verifiable Encryption , 2011, EUROCRYPT.

[16]  Moti Yung,et al.  Group Encryption: Non-interactive Realization in the Standard Model , 2009, ASIACRYPT.

[17]  Moti Yung,et al.  Non-Malleability from Malleability: Simulation-Sound Quasi-Adaptive NIZK Proofs and CCA2-Secure Encryption from Homomorphic Signatures , 2014, IACR Cryptol. ePrint Arch..

[18]  Ryo Nishimaki,et al.  Tagged One-Time Signatures: Tight Security and Optimal Tag Size , 2013, Public Key Cryptography.

[19]  Dennis Hofheinz,et al.  GNUC: A New Universal Composability Framework , 2015, Journal of Cryptology.

[20]  Stefano Tessaro,et al.  An equational approach to secure multi-party computation , 2013, ITCS '13.

[21]  Dawn Xiaodong Song,et al.  Homomorphic Signature Schemes , 2002, CT-RSA.

[22]  Ivan Damgård,et al.  Adaptively Secure UC Constant Round Multi-Party Computation Protocols , 2014, IACR Cryptol. ePrint Arch..

[23]  Matthew Green,et al.  Universally Composable Adaptive Oblivious Transfer , 2008, IACR Cryptol. ePrint Arch..

[24]  Eike Kiltz,et al.  (Hierarchical) Identity-Based Encryption from Affine Message Authentication , 2014, CRYPTO.

[25]  Ran Canetti,et al.  Obtaining Universally Compoable Security: Towards the Bare Bones of Trust , 2007, ASIACRYPT.

[26]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[27]  Jörn Müller-Quade,et al.  Polynomial Runtime and Composability , 2013, Journal of Cryptology.

[28]  Eike Kiltz,et al.  Secure Hybrid Encryption from Weakened Key Encapsulation , 2007, CRYPTO.

[29]  Hoeteck Wee,et al.  Shorter IBE and Signatures via Asymmetric Pairings , 2012, Pairing.

[30]  Douglas Wikström,et al.  On the security of mix-nets and hierarchical group signatures , 2005 .

[31]  Georg Fuchsbauer,et al.  Achieving Optimal Anonymity in Transferable E-Cash with a Judge , 2011, AFRICACRYPT.

[32]  Dario Catalano,et al.  Authenticating Computation on Groups: New Homomorphic Primitives and Applications , 2014, ASIACRYPT.

[33]  Hovav Shacham,et al.  Randomizable Proofs and Delegatable Anonymous Credentials , 2009, CRYPTO.

[34]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.

[35]  Hoeteck Wee,et al.  Improved Dual System ABE in Prime-Order Groups via Predicate Encodings , 2015, EUROCRYPT.

[36]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[37]  Ran Canetti,et al.  Universal Composition with Joint State , 2003, CRYPTO.

[38]  Ralf Küsters,et al.  The IITM Model: A Simple and Expressive Model for Universal Composability , 2020, Journal of Cryptology.

[39]  Jens Groth,et al.  Fully Anonymous Group Signatures without Random Oracles , 2007, IACR Cryptol. ePrint Arch..

[40]  Mehdi Tibouchi,et al.  Structure-Preserving Signatures from Type II Pairings , 2014, CRYPTO.

[41]  Ryo Nishimaki,et al.  Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions , 2012, Journal of Cryptology.

[42]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[43]  Eike Kiltz,et al.  Structure-Preserving Signatures from Standard Assumptions, Revisited , 2015, CRYPTO.

[44]  Jens Groth,et al.  Separating Short Structure-Preserving Signatures from Non-interactive Assumptions , 2011, ASIACRYPT.

[45]  Moti Yung,et al.  Group Signatures with Almost-for-Free Revocation , 2012, CRYPTO.

[46]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[47]  Jens Groth,et al.  Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups , 2011, CRYPTO.

[48]  Leonid A. Levin,et al.  Fair Computation of General Functions in Presence of Immoral Majority , 1990, CRYPTO.

[49]  Charanjit S. Jutla,et al.  Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces , 2013, ASIACRYPT.

[50]  A. Lewko,et al.  Fully Secure HIBE with Short Ciphertexts , 2009 .

[51]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[52]  Birgit Pfitzmann,et al.  Composition and integrity preservation of secure reactive systems , 2000, CCS.

[53]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[54]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[55]  Jonathan Katz,et al.  Signing a Linear Subspace: Signature Schemes for Network Coding , 2009, IACR Cryptol. ePrint Arch..

[56]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[57]  Yehuda Lindell,et al.  General Composition and Universal Composability in Secure Multiparty Computation , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[58]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[59]  M. Paz Morillo Bosch,et al.  Matrix computational assumptions in multilinear groups , 2015 .

[60]  Ralf Küsters,et al.  Simulation-based security with inexhaustible interactive Turing machines , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[61]  Victor Shoup,et al.  A Proposal for an ISO Standard for Public Key Encryption , 2001, IACR Cryptol. ePrint Arch..

[62]  Yehuda Lindell,et al.  A Simpler Variant of Universally Composable Security for Standard Multiparty Computation , 2015, CRYPTO.

[63]  Yvo Desmedt,et al.  Computer security by redefining what a computer is , 1993, NSPW '92-93.