(Public) Verifiability for Composable Protocols Without Adaptivity or Zero-Knowledge

The Universal Composability (UC) framework (FOCS ’01) is the current standard for proving the security of cryptographic protocols under composition. It allows one to reason about complex protocol structures in a bottom-up fashion: any building block that is UC-secure can be composed arbitrarily with any other UC-secure construction while retaining its security guarantees. Unfortunately, some protocol properties, such as the verifiability of outputs, require excessively strong tools to achieve in UC. In particular, “obviously secure” constructions cannot directly be shown to be UC-secure, and verifiability of the building blocks does not easily carry over to verifiability of the composed construction. In this work, we study Non-Interactive (Public) Verifiability of UC protocols, i.e. the conditions under which a verifier can ascertain that a party obtained a specific output from the protocol. The verifier may or may not have taken part in the protocol execution; the latter is the case of public verifiability. We consider a setting, used in a number of applications, where it is acceptable to reveal the input of the party whose output gets verified, and analyze under which conditions such verifiability can generically be achieved using “cheap” cryptographic primitives. That is, we avoid having to rely on adaptively secure primitives or heavy computational tools such as NIZKs. As Non-Interactive Public Verifiability is crucial when composing protocols with a public ledger, our approach can be beneficial when designing such protocols with provably composable security and efficiency in mind.
