ABSTRACT
We present a unified framework for obtaining Universally Composable (UC) protocols by relying on stand-alone secure non-malleable commitments. Essentially all results on concurrent secure computation, both in relaxed models (e.g., quasi-polynomial time simulation) and with trusted set-up assumptions (e.g., the CRS model, the imperfect CRS model, or the timing model), are obtained as special cases of our framework. This not only leads to conceptually simpler solutions, but also to improved set-up assumptions, round complexity, and computational assumptions.
Additionally, this framework allows us to consider new relaxed models of security: we show that UC security where the adversary is a uniform PPT but the simulator is allowed to be a non-uniform PPT (i.e., essentially traditional UC security, but with a non-uniform reduction) is possible without any trusted set-up. This gives the first results on concurrent secure computation without set-up, which can be used for securely computing "computationally-sensitive" functionalities (e.g., database queries, proof-of-work protocols, or playing bridge on the Internet).