nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Universal Composition with Global Subroutines: Capturing Global Setup Within Plain UC

verfasst von : Christian Badertscher, Ran Canetti, Julia Hesse, Björn Tackmann, Vassilis Zikas

Erschienen in: Theory of Cryptography

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The Global and Externalized UC frameworks [Canetti-Dodis-Pass-Walfish, TCC 07] extend the plain UC framework to additionally handle protocols that use a “global setup”, namely a mechanism that is also used by entities outside the protocol. These frameworks have broad applicability: Examples include public-key infrastructures, common reference strings, shared synchronization mechanisms, global blockchains, or even abstractions such as the random oracle. However, the need to work in a specialized framework has been a source of confusion, incompatibility, and an impediment to broader use.

We show how security in the presence of a global setup can be captured within the plain UC framework, thus significantly simplifying the treatment. This is done as follows:

We extend UC-emulation to the case where both the emulating protocol \(\pi \) and the emulated protocol \(\phi \) make subroutine calls to protocol \(\gamma \) that is accessible also outside \(\pi \) and \(\phi \). As usual, this notion considers only a single instance of \(\phi \) or \(\pi \) (alongside \(\gamma \)).
We extend the UC theorem to hold even with respect to the new notion of UC emulation. That is, we show that if \(\pi \) UC-emulates \(\phi \) in the presence of \(\gamma \), then \(\rho ^{\phi \rightarrow \pi }\) UC-emulates \(\rho \) for any protocol \(\rho \), even when \(\rho \) uses \(\gamma \) directly, and in addition calls many instances of \(\phi \), all of which use the same instance of \(\gamma \). We prove this extension using the existing UC theorem as a black box, thus further simplifying the treatment.

We also exemplify how our treatment can be used to streamline, within the plain UC model, proofs of security of systems that involve global set-up, thus providing greater simplicity and flexibility.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Security Analysis of

Nur mit Berechtigung zugänglich

Indeed, there is at the moment no completely consistent composition theorem for EUC protocols. For instance, the notion of a challenge protocol is not sufficiently well specified. Also the treatment of external identities is lacking. This is discussed further in [BCH+20].

While there are alternative solutions such as an extra shell propagating information about the execution graph, the directory appears to be a technically simple solution for our transformation. Our transformation is a proof technique, and as such the transformed protocol is not meant to be deployed in reality (where one may argue that such a central entity is unrealistic).

The functionality is also expected to provide this list upon a special request from dummy party with PID \(\mathscr {A}\) such that the corruption sets can be verified by the environment to be identical in both the ideal and real worlds.

Let us emphasize that party (i.e., machine) A is not a participant of the protocol \(\phi ^{A}_\mathrm {auth}\) (i.e., does not run the code \(\phi ^{A}_\mathrm {auth}\)), but is the ITI which invokes the (sender’s part of the) protocol \(\phi ^{A}_\mathrm {auth}\) (with PID A).

Clearly, if we assume again PID-wise corruption like previous paragraphs, we need to further restrict the environment to access only the corruption aggregation machine of the ledger protocol to obtain the natural interpretation of “PID-wise corruption”.

[BCH+20]

Badertscher, C., Canetti, R., Hesse, J., Tackmann, B., Zikas, V.: Universal composition with global subroutines: Capturing global setup within plain UC. Cryptology ePrint Archive (2020)

[BCL+11]

Barak, B., Canetti, R., Lindell, Y., Pass, R., Rabin, T.: Secure computation without authentication. J. Cryptol. 24(4), 720–760 (2010). https://doi.org/10.1007/s00145-010-9075-9MathSciNetCrossRefMATH

[Bea91]

Beaver, D.: Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority. J. Cryptol. 4(2), 75–122 (1991). https://doi.org/10.1007/BF00196771CrossRefMATH

[BGK+18]

Badertscher, C., Gaži, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: ACM CCS, pp. 913–930 (2018)

[BGM+18]

Badertscher, C., Garay, J., Maurer, U., Tschudi, D., Zikas, V.: But why does it work? A rational protocol design treatment of bitcoin. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 34–65. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_2CrossRef

[BMTZ17]

Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11CrossRef

[BPW04]

Backes, M., Pfitzmann, B., Waidner, M.: A general composition theorem for secure reactive systems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 336–354. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_19CrossRef

[BPW07]

Backes, M., Pfitzmann, B., Waidner, M.: The reactive simulatability (RSIM) framework for asynchronous systems. Inf. Comput. 205(12), 1685–1720 (2007)MathSciNetCrossRef

[Can00]

Canetti, R.: Security and composition of multi-party cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000). https://doi.org/10.1007/s001459910006CrossRefMATH

[Can01]

Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS, FOCS 2001, Washington, DC, USA, pp. 136–145. IEEE Computer Society (2001)

[Can20]

Canetti, R.: Universally composable security. J. ACM 67(5), 1–94 (2020)MathSciNetCrossRef

[CDPW07]

Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4CrossRef

[CDT19]

Camenisch, J., Drijvers, M., Tackmann, B.: Multi-protocol UC and its use for building modular and efficient protocols. Cryptology ePrint Archive, report 2019/065, January 2019

[CKKR19]

Camenisch, J., Krenn, S., Küsters, R., Rausch, D.: iUC: flexible universal composability made simple. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 191–221. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_7CrossRef

[CR03]

Canetti, R., Rabin, T.: Universal composition with joint state. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_16CrossRef

[CSV16]

Canetti, R., Shahaf, D., Vald, M.: Universally composable authentication and key-exchange with global PKI. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 265–296. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49387-8_11CrossRefMATH

[GHM+17]

Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling byzantine agreements for cryptocurrencies. In: Proceedings of the 26th Symposium on Operating Systems Principles, SOSP 2017, New York, NY, USA, pp. 51–68. Association for Computing Machinery (2017)

[GKL15]

Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10CrossRef

[HM97]

Hirt, M., Maurer, U.: Complete characterization of adversaries tolerable in secure multi-party computation. In: ACM PODC, pp. 25–34. ACM (1997)

[HS16]

Hofheinz, D., Shoup, V.: GNUC: a new universal composability framework. J. Cryptol. 28(3), 423–508 (2016)MathSciNetCrossRef

[KKKZ18]

Kerber, T., Kohlweiss, M., Kiayias, A., Zikas, V.: Ouroboros crypsinous: Privacy-preserving proof-of-stake. IACR Cryptology ePrint Archive, 2018:1132 (2018). To appear at IEEE S&P 2019

[KMT20]

Küsters, R., Tuengerthal, M., Rausch, D.: The IITM model: a simple and expressive model for universal composability. J. Cryptol. 33(4), 1461–1584 (2020). https://doi.org/10.1007/s00145-020-09352-1MathSciNetCrossRefMATH

[Mau11]

Maurer, U.: Constructive cryptography – a new paradigm for security definitions and proofs. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 33–56. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27375-9_3CrossRefMATH

[MR91]

Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_32CrossRef

[MR11]

Maurer, U., Renner, R.: Abstract cryptography. In: Innovations in Computer Science (2011)

[PSS17]

Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_22CrossRefMATH

[PW00]

Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: ACM CCS, pp. 245–254 (2000)

Titel: Universal Composition with Global Subroutines: Capturing Global Setup Within Plain UC
verfasst von: Christian Badertscher
Ran Canetti
Julia Hesse
Björn Tackmann
Vassilis Zikas
Verlag: Springer International Publishing
Buch: Theory of Cryptography
Print ISBN: 978-3-030-64380-5

Electronic ISBN: 978-3-030-64381-2

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-64381-2_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner