Editorial Notes
The editors have requested minor, non-substantive changes to the VoR and, in accordance with ACM policies, a Corrected VoR was published on October 14, 2020. For reference purposes the VoR may still be accessed via the Supplemental Material section on this page.
Abstract
This work presents a general framework for describing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general composition operation, called universal composition. The proposed framework with its security-preserving composition operation allows for modular design and analysis of complex cryptographic protocols from simpler building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol sessions that run concurrently in an adversarially controlled manner. This is a useful guarantee, which allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.
Supplemental Material
Version of Record for "Universally Composable Security" by Canetti, Journal of the ACM Volume 67, Issue 5 (JACM 67:5).
Index Terms
- Universally Composable Security