Hostname: page-component-78c5997874-4rdpn Total loading time: 0 Render date: 2024-11-12T16:12:59.476Z Has data issue: false hasContentIssue false

A note on the feasibility of generalised universal composability

Published online by Cambridge University Press:  01 February 2009

ANDREW C. C. YAO
Affiliation:
Institute for Theoretical Computer Science (ITCS), Tsinghua University, Beijing, China Email: andrewcyao@tsinghua.edu.cn
FRANCES F. YAO
Affiliation:
Department of Computer Science, City University of Hong Kong, Hong Kong, China Email: csfyao@cityu.edu.hk
YUNLEI ZHAO*
Affiliation:
Software School, Fudan University, Shanghai, China Email: ylzhao@fudan.edu.cn
*
Corresponding author. The work by this author was done in part while visiting Tsinghua university and City University of Hong Kong.

Abstract

In this paper we study (interpret) the precise composability guarantee of the generalised universal composability (GUC) feasibility with global setups that was proposed in the recent paper Canetti et al. (2007) from the point of view of full universal composability (FUC), that is, composability with arbitrary protocols, which was the original security goal and motivation for UC. By observing a counter-intuitive phenomenon, we note that the GUC feasibility implicitly assumes that the adversary has limited access to arbitrary external protocols. We then clarify a general principle for achieving FUC security, and propose some approaches for fixing the GUC feasibility under the general principle. Finally, we discuss the relationship between GUC and FUC from both technical and philosophical points of view. This should be helpful in gaining a precise understanding of the GUC feasibility, and for preventing potential misinterpretations and/or misuses in practice.

Type
Paper
Copyright
Copyright © Cambridge University Press 2009

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

The work described in this paper was supported in part by a grant from the Research Grants Council of the Hong Kong Special Administrative Region, China (Project Number CityU 122105), by CityU Research Grant (9380039), by the National Basic Research Program of China Grant (973) 2007CB807900, 2007CB807901, by NSFC No. 60703091, by the Pujiang Program of Shanghai and by the Young Faculty Program of MSRA.

References

Atenise, G. and De Medeiros, B. (2003) Identity-Based Chameleon Hash and Applications. Cryptology ePrint Archive, Report No. 2003/167.Google Scholar
Blum, M. (1982) Coin Flipping by Telephone. In: Proc. IEEE Spring COMPCOM 133–137.Google Scholar
Blum, M. (1986) How to Prove a Theorem so No One Else can Claim It. In: Proceedings of the International Congress of Mathematicians, Berkeley, California 1444–1451.Google Scholar
Bellare, M. and Goldreich, O. (1992) On Defining Proofs of Knowledge. In: Brickell, E. F. (ed.) Advances in Cryptology – Proceedings of CRYPTO 1992. Springer-Verlag Lecture Notes in Computer Science 740 390420.CrossRefGoogle Scholar
Bellare, M. and Goldreich, O. (2006) On Probabilistic versus Deterministic Provers in the Definition of Proofs of Knowledge. Electronic Colloquium on Computational Complexity 13 (136).Google Scholar
Canetti, R. (2001) Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: IEEE Symposium on Foundations of Computer Science 136–145.CrossRefGoogle Scholar
Canetti, R. (2006) Security and Composition of Cryptographic Protocols: A Tutorial. Distributed Computing column of SIGACT News 37 (3,4). (Also available from Cryptology ePrint Archive, Report 2006/465.)Google Scholar
Canetti, R., Dodis, Y., Pass, R and Walfish, S. (2007) Universal Composable Security with Global Setup. In: Vadhan, S. (ed.) Theory of Cryptography (TCC). Springer-Verlag Lecture Notes in Computer Science 4392 6185.CrossRefGoogle Scholar
Canetti, R., Dodis, Y., Walfish, S and Zhao, Y. (2007) Personal communications.Google Scholar
Canetti, R. and Fischlin, M. (2001) Universal Composable Commitments. In: Kilian, J. (ed.) Advances in Cryptology – Proceedings of CRYPTO 2001. Springer-Verlag Lecture Notes in Computer Science 2139 1940.CrossRefGoogle Scholar
Canetti, R., Kushilevitz, E. and Lindell, Y. (2003) On the Limitations of Universal Composition Without Set-Up Assumptions. In: Biham, E. (ed.) Advances in Cryptology – Proceedings of EUROCRYPT 2003. Springer-Verlag Lecture Notes in Computer Science 2656 6886.CrossRefGoogle Scholar
Canetti, R., Lindell, Y., Ostrovsky, R. and Sahai, A. (2002) Universally Composable Two-Party and Multi-Party Secure Computation. In: ACM Symposium on Theory of Computing 494–503.CrossRefGoogle Scholar
Canetti, R. and Rabin, T. (2003) Universal Composition with Joint State. In: Yung, M. (ed.) Advances in Cryptology – Proceedings of CRYPTO 2002. Springer-Verlag Lecture Notes in Computer Science 2729 265281.CrossRefGoogle Scholar
Garay, J. A., MacKenzie, P. and Yang, K. (2003) Strengthening Zero-Knowledge Protocols Using Signatures. Journal of Cryptology (to appear). (A preliminary version appears in Biham, E. (ed.) Advances in Cryptology – Proceedings of EUROCRYPT 2003. Springer-Verlag Lecture Notes in Computer Science 2656 177–194.)CrossRefGoogle Scholar
Goldreich, O. (2001) Foundation of Cryptography – Basic Tools, Cambridge University Press.CrossRefGoogle Scholar
Goldreich, O., Micali, S. and Wigderson, A. (1986a) Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design. In: IEEE Symposium on Foundations of Computer Science 174–187.CrossRefGoogle Scholar
Goldreich, O., Micali, S. and Wigderson, A. (1986b) How to Prove all 𝓝𝓟-Statements in Zero-Knowledge, and a Methodology of Cryptographic Protocol Design. In: Odlyzko, A. M. (ed.) Advances in Cryptology – Proceedings of CRYPTO 1986. Springer-Verlag Lecture Notes in Computer Science 263 104110.CrossRefGoogle Scholar
Goldreich, O., Micali, S. and Wigderson, A. (1991) Proofs that Yield Nothing but their Validity or All Languages in 𝓝𝓟 have Zero-Knowledge Proof Systems. Journal of the Association for Computing Machinery 38 (1)691729. (Preliminary versions appear in Goldreich et al. (1986a) and Goldreich et al. (1986b).)CrossRefGoogle Scholar
Goldwasser, S., Micali, S. and Rackoff, C. (1985) {The Knowledge Complexity of Interactive Proof-Systems}. In: ACM Symposium on Theory of Computing 291–304.CrossRefGoogle Scholar
Hastad, J., Impagliazzo, R., Levin, L. A. and Luby, M. (1999) Construction of a Pseudorandom Generator from any One-Way Function. SIAM Journal on Computing 28 (4)13641396.CrossRefGoogle Scholar
Lindell, Y. (2003) General Composition and Universal Composability in Secure Multi-Party Computation. In: IEEE Symposium on Foundations of Computer Science 394–403.CrossRefGoogle Scholar
Lindell, Y. (2004) Lower Bounds for Concurrent Self Composition. In: Naor, M. (ed.) Theory of Cryptography (TCC) 2004. Springer-Verlag Lecture Notes in Computer Science 2951 203222.CrossRefGoogle Scholar
Naor, M. (1991) Bit Commitment Using Pseudorandomness. Journal of Cryptology 4 (2)151158.CrossRefGoogle Scholar
Pass, R. (2003) On Deniabililty in the Common Reference String and Random Oracle Models. In: Boneh, D. (ed.) Advances in Cryptology – Proceedings of CRYPTO 2003. Springer-Verlag Lecture Notes in Computer Science 2729 316337.CrossRefGoogle Scholar
Yao, A. C. C., Yao, F. F. and Zhao, Y. (2007) A Note on Universal Composable Zero-Knowledge in the Common Reference String Model. In: Cai, J., Cooper, S. B. and Zhu, H. (eds.) Theory and Applications of Models of Computation – Proceedings of TAMC 2007. Springer-Verlag Lecture Notes in Computer Science 4484 462473.CrossRefGoogle Scholar