A note on the feasibility of generalised universal composability

In this paper we study (interpret) the precise composability guarantee of the generalised universal composability (GUC) feasibility with global setups, proposed in the recent paper by Canetti et al. (2007), from the point of view of full universal composability (FUC), that is, composability with arbitrary protocols, which was the original security goal and motivation for UC. By observing a counter-intuitive phenomenon, we note that the GUC feasibility implicitly assumes that the adversary has only limited access to arbitrary external protocols. We then clarify a general principle for achieving FUC security, and propose some approaches for fixing the GUC feasibility under that principle. Finally, we discuss the relationship between GUC and FUC from both technical and philosophical points of view. This should help in gaining a precise understanding of the GUC feasibility, and in preventing potential misinterpretations and/or misuses in practice.

[1] Mihir Bellare et al., On Probabilistic versus Deterministic Provers in the Definition of Proofs of Knowledge, 2006, IACR Cryptol. ePrint Arch.

[2] Oded Goldreich et al., Foundations of Cryptography: Basic Tools, 2000.

[3] Manuel Blum et al., How to Prove a Theorem So No One Else Can Claim It, 2010.

[4] Silvio Micali et al., Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design, 1986, 27th Annual Symposium on Foundations of Computer Science (FOCS 1986).

[5] David J. Goodman et al., Personal Communications, 1994, Mobile Communications.

[6] Silvio Micali et al., The Knowledge Complexity of Interactive Proof Systems, 1989, SIAM J. Comput.

[7] Moni Naor et al., Bit Commitment Using Pseudorandomness, 1989, Journal of Cryptology.

[8] Rafael Pass et al., On Deniability in the Common Reference String and Random Oracle Model, 2003, CRYPTO.

[9] Ran Canetti et al., Universally Composable Security: A New Paradigm for Cryptographic Protocols, 2001, 42nd Annual IEEE Symposium on Foundations of Computer Science (FOCS 2001).

[10] Ran Canetti et al., Security and Composition of Cryptographic Protocols: A Tutorial (Part I), 2006, SIGACT News.

[11] Oded Goldreich, Foundations of Cryptography: Index, 2001.

[12] Oded Goldreich et al., Foundations of Cryptography: Volume 1, Basic Tools, 2001.

[13] Juan A. Garay et al., Strengthening Zero-Knowledge Protocols Using Signatures, 2003, Journal of Cryptology.

[14] Ran Canetti et al., Universally Composable Commitments, 2001, CRYPTO.

[15] Mihir Bellare et al., On Defining Proofs of Knowledge, 1992, CRYPTO.

[16] Oded Goldreich et al., Foundations of Cryptography: List of Figures, 2001.

[17] Silvio Micali et al., The Knowledge Complexity of Interactive Proof-Systems, 1985, STOC '85.

[18] Ran Canetti et al., Universally Composable Security with Global Setup, 2007, TCC.

[19] Ran Canetti et al., Universal Composition with Joint State, 2003, CRYPTO.

[20] Yehuda Lindell et al., On the Limitations of Universally Composable Two-Party Computation without Set-up Assumptions, 2003, EUROCRYPT.

[21] Giuseppe Ateniese et al., Identity-Based Chameleon Hash and Applications, 2004, Financial Cryptography.

[22] Oded Goldreich et al., Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme, 1986, CRYPTO.

[23] Yehuda Lindell et al., General Composition and Universal Composability in Secure Multiparty Computation, 2003, 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2003).

[24] Manuel Blum et al., Coin Flipping by Telephone: A Protocol for Solving Impossible Problems, 1983, SIGACT News.

[25] Leonid A. Levin et al., A Pseudorandom Generator from Any One-Way Function, 1999, SIAM J. Comput.

[26] Yunlei Zhao et al., A Note on Universal Composable Zero-Knowledge in the Common Reference String Model, 2009, Theor. Comput. Sci.

[27] Yehuda Lindell et al., Lower Bounds for Concurrent Self Composition, 2004, TCC.

[28] Yehuda Lindell et al., Universally Composable Two-Party and Multi-Party Secure Computation, 2002, STOC '02.

[29] Silvio Micali et al., Proofs that Yield Nothing but Their Validity or All Languages in NP Have Zero-Knowledge Proof Systems, 1991, JACM.

[30] Manuel Blum et al., Coin Flipping by Telephone, 1981, CRYPTO 1981.

[31] Silvio Micali et al., How to Prove All NP-Statements in Zero-Knowledge, and a Methodology of Cryptographic Protocol Design, 1986, CRYPTO.