A Zero-One Law for Cryptographic Complexity with Respect to Computational UC Security

It is well known that most cryptographic tasks do not have universally composable (UC) secure protocols if no trusted setup is available in the framework. On the other hand, if a task like fair coin-tossing is available as a trusted setup, then all cryptographic tasks have UC-secure protocols. What other trusted setups allow UC-secure protocols for all tasks? More generally, given a particular setup, which tasks have UC-secure protocols? We show that, surprisingly, every trusted setup is either useless (equivalent to having no trusted setup) or all-powerful (allows UC-secure protocols for all tasks). There are no "intermediate" trusted setups in the UC framework. We prove this zero-one law under a natural intractability assumption, and consider the class of deterministic, finite, 2-party functionalities as candidate trusted setups. One important technical contribution of this work is to initiate the comprehensive study of the cryptographic properties of reactive functionalities. We model these functionalities as finite automata and develop an automata-theoretic methodology for classifying and studying their cryptographic properties. Consequently, we completely characterize the reactive behaviors that lead to cryptographic non-triviality. Another contribution of independent interest is to optimize the hardness assumption used by Canetti et al. (STOC 2002) in showing that the common random string functionality is complete (a result independently obtained by Damgård et al. (TCC 2010)).

[1] Oded Goldreich et al. Foundations of Cryptography: Basic Tools, 2000.

[2] Russell Impagliazzo et al. One-way functions are essential for complexity based cryptography. 30th Annual Symposium on Foundations of Computer Science, 1989.

[3] Ran Canetti et al. Universally Composable Commitments. CRYPTO, 2001.

[4] A. Yao. How to generate and exchange secrets. 27th Annual Symposium on Foundations of Computer Science (sfcs 1986), 1986.

[5] Eyal Kushilevitz et al. A zero-one law for Boolean privacy. STOC '89, 1989.

[6] Russell Impagliazzo. A Personal View of Average-Case Complexity, 1995.

[7] Joe Kilian. More general completeness theorems for secure two-party computation. STOC '00, 2000.

[8] Yuval Ishai et al. Founding Cryptography on Oblivious Transfer - Efficiently. CRYPTO, 2008.

[9] Salil P. Vadhan et al. Zero knowledge with efficient provers. STOC '06, 2006.

[10] Jörn Müller-Quade et al. Completeness Theorems with Constructive Proofs for Finite Deterministic 2-Party Functions. TCC, 2010.

[11] Oded Goldreich et al. Foundations of Cryptography: Volume 2, Basic Applications, 2004.

[12] Ran Canetti. A unified framework for analyzing security of protocols. Electron. Colloquium Comput. Complex., 2001.

[13] Ivan Damgård et al. On the Necessary and Sufficient Assumptions for UC Computation. TCC, 2010.

[14] Joe Kilian et al. Founding cryptography on oblivious transfer. STOC '88, 1988.

[15] Moni Naor et al. Bit commitment using pseudorandomness. Journal of Cryptology, 1989.

[16] Manoj Prabhakaran et al. Cryptographic Complexity Classes and Computational Intractability Assumptions. ICS, 2009.

[17] Aggelos Kiayias et al. Self Protecting Pirates and Black-Box Traitor Tracing. CRYPTO, 2001.

[18] Moni Naor et al. Bit Commitment Using Pseudo-Randomness. CRYPTO, 1989.

[19] Manoj Prabhakaran et al. Cryptographic Complexity of Multi-Party Computation Problems: Classifications and Separations. CRYPTO, 2008.

[20] Donald Beaver. Perfect Privacy For Two-Party Protocols. Distributed Computing And Cryptography, 1989.

[21] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols. Proceedings 2001 IEEE International Conference on Cluster Computing, 2001.

[22] Rafail Ostrovsky et al. Reducibility and Completeness in Private Computations. SIAM J. Comput., 2000.

[23] Silvio Micali et al. How to play ANY mental game. STOC, 1987.

[24] Yehuda Lindell et al. Universally composable two-party and multi-party secure computation. STOC '02, 2002.

[25] Eyal Kushilevitz et al. A Zero-One Law for Boolean Privacy (extended abstract). STOC 1989, 1989.

[26] Michael Wiener et al. Advances in Cryptology - CRYPTO '99, 1999.

[27] Silvio Micali et al. The All-or-Nothing Nature of Two-Party Secure Computation. CRYPTO, 1999.

[28] Yehuda Lindell et al. On the Limitations of Universally Composable Two-Party Computation without Set-up Assumptions. EUROCRYPT, 2003.

[29] Amit Sahai et al. New notions of security, 2005.

[30] Eyal Kushilevitz et al. Privacy and communication complexity. 30th Annual Symposium on Foundations of Computer Science, 1989.

[31] Jörn Müller-Quade et al. Secure Computability of Functions in the IT Setting with Dishonest Majority and Applications to Long-Term Security. TCC, 2009.

[32] Martijn Stam. Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions. CRYPTO, 2008.

[33] Joe Kilian et al. A general completeness theorem for two party games. STOC '91, 1991.

[34] Manoj Prabhakaran et al. Complexity of Multiparty Computation Problems: The Case of 2-Party Symmetric Secure Function Evaluation. IACR Cryptol. ePrint Arch., 2009.

[35] Moni Naor et al. Completeness in Two-Party Secure Computation: A Computational View. STOC '04, 2004.

[36] Leonid A. Levin et al. A Pseudorandom Generator from any One-way Function. SIAM J. Comput., 1999.