research-article

Public Access

Universally Composable Security

Author:
Ran Canetti

Boston University, Boston MA, USA

Boston University, Boston MA, USA

0000-0002-5479-7540
View Profile

Authors Info & Claims

Journal of the ACM Volume 67 Issue 5Article No.: 28pp 1–94https://doi.org/10.1145/3402457

Published:16 September 2020Publication History

Journal of the ACM

Editorial Notes

The editors have requested minor, non-substantive changes to the VoR and, in accordance with ACM policies, a Corrected VoR was published on October 14, 2020. For reference purposes the VoR may still be accessed via the Supplemental Material section on this page.

Abstract

This work presents a general framework for describing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general composition operation, called universal composition. The proposed framework with its security-preserving composition operation allows for modular design and analysis of complex cryptographic protocols from simpler building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol sessions that run concurrently in an adversarially controlled manner. This is a useful guarantee, which allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.

Supplemental Material

Available for Download

pdf

3402457-vor.pdf (3.8 MB)

Version of Record for "Universally Composable Security" by Canetti, Journal of the ACM Volume 67, Issue 5 (JACM 67:5).

References

Martín Abadi and Andrew Gordon. 1999. A calculus for cryptographic protocols: The Spi calculus. Info. Comput. 148, 1 (1999), 1--70.Google ScholarDigital Library
Martín Abadi and Phillip Rogaway. 2000. Reconciling two views of cryptography (The computational soundness of formal encryption). In Proceedings of the IFIP International Conference on Theoretical Computer Science (IFIP-TCS’00) (Lecture Notes in Computer Science), Jan van Leeuwen, Osamu Watanabe, Masami Hagiya, Peter D. Mosses, and Takayasu Ito (Eds.), Vol. 1872. Springer-Verlag, 3--22.Google Scholar
Masayuki Abe and Serge Fehr. 2004. Adaptively secure Feldman VSS and applications to universally composable threshold cryptography. In Proceedings of the 24th Annual International Cryptology Conference (CRYPTO’04). 317--334. DOI:https://doi.org/10.1007/978-3-540-28628-8_20Google ScholarCross Ref
Jesús F. Almansa. 2005. The full abstraction of the UC framework. IACR Cryptol. ePrint Arch. 2005 (2005), 19. Retrieved from http://eprint.iacr.org/2005/019.Google Scholar
Michael Backes, Birgit Pfitzmann, and Michael Waidner. 2004. A general composition theorem for secure reactive systems. In Theory of Cryptography (LNCS), Moni Naor (Ed.), Vol. 2951. Springer, 336--354.Google Scholar
Michael Backes, Birgit Pfitzmann, and Michael Waidner. 2007. The reactive simulatability (RSIM) framework for asynchronous systems. Info. Comput. 205, 12 (2007), 1685--1720.Google ScholarDigital Library
Boaz Barak. 2001. How to go beyond the black-box simulation barrier. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS’01). 106--115. DOI:https://doi.org/10.1109/SFCS.2001.959885Google ScholarCross Ref
Boaz Barak, Ran Canetti, Yehuda Lindell, Rafael Pass, and Tal Rabin. 2011. Secure computation without authentication. J. Cryptol. 24, 4 (2011), 720--760.Google ScholarDigital Library
Boaz Barak, Oded Goldreich, Shafi Goldwasser, and Yehuda Lindell. 2001. Resettably sound zero-knowledge and its applications. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS’01). 116--125. DOI:https://doi.org/10.1109/SFCS.2001.959886Google ScholarCross Ref
Boaz Barak, Yehuda Lindell, and Tal Rabin. 2004. Protocol initialization for the framework of universal composability. IACR Cryptol. ePrint Arch. 2004 (2004), 6. Retrieved from http://eprint.iacr.org/2004/006.Google Scholar
Boaz Barak and Amit Sahai. 2005. How to play almost any mental game over the net—Concurrent composition via super-polynomial simulation. In Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS’05). 543--552. DOI:https://doi.org/10.1109/SFCS.2005.43Google ScholarDigital Library
Donald Beaver. 1991. Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority. J. Cryptol. 4, 2 (Jan. 1991), 75--122.Google ScholarDigital Library
Donald Beaver. 1996. Adaptive zero knowledge and computational equivocation (extended abstract). In Proceedings of the 28th Annual ACM Symposium on the Theory of Computing. 629--638. DOI:https://doi.org/10.1145/237814.238014Google ScholarDigital Library
Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway. [n.d.]. Relations among notions of security for public-key encryption schemes. 26--45. Retrieved from http://www.cs.ucsd.edu/users/mihir/papers/relations.html.Google Scholar
Mihir Bellare and Phillip Rogaway. [n.d.]. Entity authentication and key distribution. In Proceedings of the Annual Cryptology Conference (CRYPTO’93). 232--249. Retrieved from http://www-cse.ucsd.edu/users/mihir/.Google Scholar
Michael Ben-Or, Ran Canetti, and Oded Goldreich. 1993. Asynchronous secure computation. In Proceedings of the 25th Annual ACM Symposium on Theory of Computing. 52--61. DOI:https://doi.org/10.1145/167088.167109Google ScholarDigital Library
Michael Ben-Or and Dominic Mayers. 2004. General security definition and composability for quantum 8 classical protocols. arXiv preprint quant-ph/0409062, 2004 - arxiv.org.Google Scholar
Eli Biham and Adi Shamir. 1997. Differential fault analysis of secret key cryptosystems. In Proceedings of the Annual Cryptology Conference (CRYPTO’97).Google ScholarCross Ref
Ray Bird, Inder S. Gopal, Amir Herzberg, Philippe A. Janson, Shay Kutten, Refik Molva, and Moti Yung. 1991. Systematic design of two-party authentication protocols. In Proceedings of the Annual Cryptology Conference (CRYPTO’91).Google Scholar
Nir Bitansky, Ran Canetti, and Shai Halevi. 2012. Leakage-tolerant interactive protocols. IACR Cryptol. ePrint Arch. 2011 (2012), 204.Google Scholar
Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the importance of checking cryptographic protocols for faults (extended abstract). In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’97).Google Scholar
Gilles Brassard, David Chaum, and Claude Crépeau. 1988. Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37 (1988), 156--189.Google ScholarDigital Library
Ran Canetti. 2000. Security and composition of multi-party cryptographic protocols. J. Cryptol. 13, 1 (Jan. 2000), 143--202.Google ScholarDigital Library
Ran Canetti. 2000. Universally composable security: A new paradigm for cryptographic protocols. IACR Cryptol. ePrint Arch. 2000 (2000), 67.Google Scholar
Ran Canetti. 2001. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS’01). 136--145.Google ScholarCross Ref
Ran Canetti. 2004. Universally composable signature, certification, and authentication. In Proceedings of the 17th IEEE Computer Security Foundations Workshop. 219--233.Google ScholarDigital Library
Ran Canetti. 2006. Security and composition of cryptographic protocols: A tutorial. SIGACT News 37 (2006), 67--92.Google ScholarDigital Library
Ran Canetti. 2007. Obtaining universally compoable security: Toward the bare bones of trust. IACR Cryptol. ePrint Arch. 2007 (2007), 475.Google Scholar
Ran Canetti. 2008. Composable formal security analysis: Juggling soundness, simplicity and efficiency. In Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP’08).Google ScholarDigital Library
Ran Canetti. 2013. Security and composition of cryptographic protocols: A tutorial. In Secure Multi-Party Computation (Cryptology and Information Security Series 10), Manoj Prabhakaran and Amit Sahai (Eds.). IOS Press, 61--119.Google Scholar
Ran Canetti. 1995. Studies in Secure Multi-party Computation and Applications. Ph.D. Thesis, Weizmann Institute, Israel.Google Scholar
Ran Canetti, Ling Cheung, Dilsun Kirli Kaynar, Moses D. Liskov, Nancy A. Lynch, Olivier Pereira, and Roberto Segala. 2018. Task-structured probabilistic I/O automata. J. Comput. Syst. Sci. 94 (2018), 63--97. DOI:https://doi.org/10.1016/j.jcss.2017.09.007Google ScholarCross Ref
Ran Canetti, Asaf Cohen, and Yehuda Lindell. 2015. A simpler variant of universally composable security for standard multiparty computation. In Proceedings of the 35th Annual Cryptology Conference (CRYPTO’15). 3--22.Google ScholarCross Ref
Ran Canetti, Yevgeniy Dodis, Rafael Pass, and Shabsi Walfish. 2007. Universally composable security with global setup. In Theory of Cryptography, Salil P. Vadhan (Ed.). Springer, Berlin, 61--85.Google Scholar
Ran Canetti, Uriel Feige, Oded Goldreich, and Moni Naor. 1996. Adaptively secure multi-party computation. In Proceedings of the 28th Annual ACM Symposium on the Theory of Computing. 639--648.Google ScholarDigital Library
Ran Canetti and Marc Fischlin. 2001. Universally composable commitments. In Proceedings of the 21st Annual Cryptology Conference (CRYPTO’01). 19--40.Google ScholarDigital Library
Ran Canetti and Rosario Gennaro. 1996. Incoercible multiparty computation. In Proceedings of the 37th Annual Symposium on Foundations of Computer Science (FOCS’96). 504--513.Google ScholarDigital Library
Ran Canetti, Shafi Goldwasser, and Oxana Poburinnaya. 2015. Adaptively secure two-party computation from indistinguishability obfuscation. In Proceedings of the 12th Theory of Cryptography Conference (TCC’15). 557--585.Google ScholarCross Ref
Ran Canetti, Shai Halevi, and Jonathan Katz. 2005. Adaptively secure, non-interactive public-key encryption. In Proceedings of the 2nd Theory of Cryptography Conference (TCC’05). 150--168.Google ScholarDigital Library
Ran Canetti and Jonathan Herzog. 2011. Universally composable symbolic security analysis. J. Cryptol. 24, 1 (2011), 83--147. DOI:https://doi.org/10.1007/s00145-009-9055-0Google ScholarDigital Library
Ran Canetti and Hugo Krawczyk. [n.d.]. Analysis of key-exchange protocols and their use for building secure channels. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt’01). 453--474.Google Scholar
Ran Canetti and Hugo Krawczyk. [n.d.]. Universally composable notions of key exchange and secure channels. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt’02). 337--351.Google Scholar
Ran Canetti, Hugo Krawczyk, and Jesper Buus Nielsen. 2003. Relaxing chosen-ciphertext security. In Proceedings of the 23rd Annual International Cryptology Conference (CRYPTO’03). 565--582.Google ScholarCross Ref
Ran Canetti, Yehuda Lindell, Rafail Ostrovsky, and Amit Sahai. 2002. Universally composable two-party and multi-party secure computation. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’02). ACM, 494--503.Google ScholarDigital Library
Ran Canetti and Tal Rabin. 1993. Fast asynchronous Byzantine agreement with optimal resilience. In Proceedings of the 25th Annual ACM Symposium on Theory of Computing (STOC’93), S. Rao Kosaraju, David S. Johnson, and Alok Aggarwal (Eds.). ACM, 42--51. DOI:https://doi.org/10.1145/167088.167105Google ScholarDigital Library
Ran Canetti and Tal Rabin. 2003. Universal composition with joint state. In Proceedings of the Annual Cryptology Conference (CRYPTO’03) (LNCS), Dan Boneh (Ed.), Vol. 2729. Springer, 265--281.Google ScholarCross Ref
Ran Canetti, Daniel Shahaf, and Margarita Vald. 2016. Universally composable authentication and key-exchange with global PKI. In Proceedings of the Conference on Public-Key Cryptography (PKC’16), Chen-Mou Cheng, Kai-Min Chung, Giuseppe Persiano, and Bo-Yin Yang (Eds.). Springer, Berlin, 265--296.Google ScholarDigital Library
Ran Canetti and Margarita Vald. 2012. Universally composable security with local adversaries. In Proceedings of the Conference on Simulation of Computer Networks (SCN’12) (Lecture Notes in Computer Science), Vol. 7485. Springer, 281--301.Google ScholarDigital Library
Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. 1999. Toward sound approaches to counteract power-analysis attacks. In Proceedings of the Annual Cryptology Conference (CRYPTO’99).Google ScholarCross Ref
Benny Chor and Lior Moscovici. 1989. Solvability in asynchronous environments (extended abstract). In Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS’89).Google ScholarDigital Library
Benny Chor and Lee-Bath Nelson. 1999. Solvability in asynchronous environments II: Finite interactive tasks. SIAM J. Comput. 29 (1999), 351--377.Google ScholarDigital Library
Giovanni Di Crescenzo, Yuval Ishai, and Rafail Ostrovsky. 1998. Non-interactive and non-malleable commitment. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’98). 141--150.Google ScholarDigital Library
Anupam Datta. 2005. Security Analysis of Network Protocols: Compositional Reasoning and Complexity-theoretic Foundations. Ph.D. Thesis, Computer Science Department, Stanford University.Google Scholar
Yevgeniy Dodis and Silvio Micali. 2000. Parallel reducibility for information-theoretically secure computation. In Proceedings of the Annual Cryptology Conference (CRYPTO’00).Google ScholarCross Ref
Danny Dolev, Cynthia Dwork, and Moni Naor. 2000. Nonmalleable cryptography. SIAM J. Comput. 30, 2 (2000), 391--437.Google ScholarDigital Library
Cynthia Dwork, Moni Naor, and Amit Sahai. 2004. Concurrent zero-knowledge. J. ACM 51, 6 (2004), 851--898.Google ScholarDigital Library
Shimon Even, Oded Goldreich, and Abraham Lempel. 1985. A randomized protocol for signing contracts. Commun. ACM 28, 6 (1985), 637--647.Google ScholarDigital Library
Marc Fischlin and Roger Fischlin. 2000. Efficient non-malleable commitment schemes. In Proceedings of the 35th Annual Cryptology Conference (CRYPTO’00) (Lecture Notes in Computer Science), Vol. 1880. Springer, 413--431.Google ScholarCross Ref
Juan Garay and Philip MacKenzie. 2000. Concurrent oblivious transfer. In Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS’00). IEEE Computer Society, 314--324.Google ScholarCross Ref
Rosario Gennaro, Anna Lysyanskaya, Tal Malkin, Silvio Micali, and Tal Rabin. 2004. Algorithmic tamper-proof (ATP) security: Theoretical foundations for security against hardware tampering. In Proceedings of the Theory of Cryptography Conference (TCC’04) (Lecture Notes in Computer Science), Vol. 2951. Springer, 258--277.Google ScholarCross Ref
Oded Goldreich. 2001. Foundations of Cryptography—Basic Tools. Cambridge University Press.Google Scholar
Oded Goldreich. 2002. Concurrent zero-knowledge with timing, revisited. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’02). ACM, 332--340.Google ScholarDigital Library
Oded Goldreich. 2004. The Foundations of Cryptography—Volume 2: Basic Applications. Cambridge University Press.Google Scholar
Oded Goldreich and Ariel Kahan. 1996. How to construct constant-round zero-knowledge proof systems for NP. J. Cryptol. 9, 3 (1996), 167--190.Google ScholarCross Ref
Oded Goldreich and Hugo Krawczyk. 1996. On the composition of zero-knowledge proof systems. SIAM J. Comput. 25, 1 (1996), 169--192.Google ScholarDigital Library
Oded Goldreich and Yehuda Lindell. 2006. Session-key generation using human passwords only. J. Cryptol. 19, 3 (2006), 241--340.Google ScholarDigital Library
Oded Goldreich, Silvio Micali, and Avi Wigderson. 2019. How to play any mental game, or a completeness theorem for protocols with honest majority. In Providing Sound Foundations for Cryptography. ACM, 307--328.Google Scholar
Oded Goldreich and Yair Oren. 1994. Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7, 1 (1994), 1--32.Google ScholarDigital Library
Shafi Goldwasser and Leonid A. Levin. 1990. Fair computation of general functions in presence of immoral majority. In Proceedings of the Annual Cryptology Conference (CRYPTO’90) (Lecture Notes in Computer Science), Vol. 537. Springer, 77--93.Google Scholar
Shafi Goldwasser and Silvio Micali. 1984. Probabilistic encryption. J. Comput. Syst. Sci. 28, 2 (1984), 270--299.Google ScholarCross Ref
Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1989. The knowledge complexity of interactive proof systems. SIAM J. Comput. 18, 1 (1989), 186--208.Google ScholarDigital Library
Jens Groth, Rafail Ostrovsky, and Amit Sahai. 2012. New techniques for noninteractive zero-knowledge. J. ACM 59, 3 (2012), 11:1--11:35.Google ScholarDigital Library
Martin Hirt and Ueli M. Maurer. 1997. Complete characterization of adversaries tolerable in secure multi-party computation (extended abstract). In Proceedings of the Symposium on Principles of Distributed Computing (PODC’97). ACM, 25--34.Google Scholar
C. A. R. Hoare. 1985. Communicating Sequential Processes. Prentice-Hall.Google ScholarDigital Library
Dennis Hofheinz and Jörn Müller-Quade. 2004. A synchronous model for multi-party computation and the incompleteness of oblivious transfer. IACR Cryptol. ePrint Arch. 2004 (2004), 16.Google Scholar
Dennis Hofheinz, Jörn Müller-Quade, and Rainer Steinwandt. 2003. Initiator-resilient universally composable key exchange. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’03) (Lecture Notes in Computer Science), Vol. 2808. Springer, 61--84.Google ScholarCross Ref
Dennis Hofheinz and Victor Shoup. 2015. GNUC: A new universal composability framework. J. Cryptol. 28, 3 (2015), 423--508.Google ScholarDigital Library
Dennis Hofheinz and Dominique Unruh. 2005. Comparing two notions of simulatability. In Proceedings of the Theory of Cryptography Conference (TCC’05) (Lecture Notes in Computer Science), Vol. 3378. Springer, 86--103.Google ScholarDigital Library
Dennis Hofheinz, Dominique Unruh, and Jörn Müller-Quade. 2013. Polynomial runtime and composability. J. Cryptol. 26, 3 (2013), 375--441.Google ScholarDigital Library
Gilles Kahn. 1974. The semantics of a simple language for parallel programming. In Proceedings of the International Federation for Information Processing Congress (IFIP’74). North-Holland, 471--475.Google Scholar
Yael Tauman Kalai, Yehuda Lindell, and Manoj Prabhakaran. 2005. Concurrent general composition of secure protocols in the timing model. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’05).Google ScholarDigital Library
Jonathan Katz, Ueli Maurer, Björn Tackmann, and Vassilis Zikas. 2013. Universally composable synchronous computation. In Proceedings of the Theory of Cryptography Conference (TCC’13) (Lecture Notes in Computer Science), Vol. 7785. Springer, 477--498.Google ScholarDigital Library
Paul C. Kocher. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the Annual Cryptology Conference (CRYPTO’96).Google ScholarCross Ref
Ralf Küsters. 2006. Simulation-based security with inexhaustible interactive Turing machines. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW’06) (2006), 12 pp.--320.Google ScholarDigital Library
Ralf Küsters, Anupam Datta, John C. Mitchell, and Ajith Ramanathan. 2008. On the relationships between notions of simulation-based security. J. Cryptol. 21 (2008), 492--546.Google ScholarDigital Library
Ralf Küsters, Max Tuengerthal, and Daniel Rausch. 2020. The IITM model: A simple and expressive model for universal composability. J. Cryptol. (2020). DOI:https://doi.org/10.1007/s00145-020-09352-1Google Scholar
Patrick Lincoln, John C. Mitchell, Mark Mitchell, and Andre Scedrov. 1998. A probabilistic poly-time framework for protocol analysis. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’98).Google ScholarDigital Library
Patrick Lincoln, John C. Mitchell, Mark Mitchell, and Andre Scedrov. 1999. Probabilistic polynomial-time equivalence and security analysis. In Proceedings of the World Congress on Formal Methods.Google ScholarCross Ref
Yehuda Lindell. 2003. General composition and universal composability in secure multi-party computation. In Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science. 394--403.Google ScholarDigital Library
Yehuda Lindell, Anna Lysyanskaya, and Tal Rabin. 2002. On the composition of authenticated byzantine agreement. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’02).Google ScholarDigital Library
Nancy A. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann.Google Scholar
Nancy A. Lynch, Roberto Segala, and Frits W. Vaandrager. 2003. Compositionality for probabilistic automata. In Proceedings of the International Conference on Concurrency Theory (CONCUR’03).Google Scholar
Paulo Mateus, John C. Mitchell, and Andre Scedrov. 2003. Composition of cryptographic protocols in a probabilistic polynomial-time process calculus. In Proceedings of the International Conference on Concurrency Theory (CONCUR’03).Google ScholarCross Ref
Ueli Maurer and Renato Renner. 2011. Abstract cryptography. In Proceedings of the Innovations in Computer Science (ICS'11), Bernard Chazelle (Ed.). Tsinghua University Press, 1--21.Google Scholar
Silvio Micali and Leonid Reyzin. 2004. Physically observable cryptography. In Proceedings of the Theory of Cryptography Conference (TCC’04).Google ScholarCross Ref
Silvio Micali and Phillip Rogaway. 1991. Secure computation. In Unpublished Manuscript. Preliminary version in Advances in Cryptology—CRYPTO (LNCS), Joan Feigenbaum (Ed.), Vol. 576. Springer, 392--404.Google Scholar
Daniele Micciancio and Stefano Tessaro. 2013. An equational approach to secure multi-party computation. In Proceedings of the Conference on Innovations in Theoretical Computer Science (ITCS’13). ACM, 355--372.Google ScholarDigital Library
Daniele Micciancio and Bogdan Warinschi. 2004. Soundness of formal encryption in the presence of active adversaries. In Proceedings of the Theory of Cryptography Conference (TCC’04) (Lecture Notes in Computer Science). Springer, 133--151.Google ScholarCross Ref
Robin Milner. 1989. Communication and Concurrency. Prentice Hall.Google ScholarDigital Library
Robin Milner. 1999. Communicating and Mobile Systems—The Pi-calculus. Cambridge University Press.Google ScholarDigital Library
John C. Mitchell, Mark Mitchell, and Andre Scedrov. 1998. A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS’98). IEEE Computer Society, 725--733.Google ScholarCross Ref
Moni Naor and Moti Yung. 1990. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’90). ACM, 427--437.Google ScholarDigital Library
Jesper Buus Nielsen. 2002. Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case. In Proceedings of the Annual Cryptology Conference (CRYPTO’02) (Lecture Notes in Computer Science), Vol. 2442. Springer, 111--126.Google ScholarCross Ref
Jesper Buus Nielsen. 2003. On protocol security in the cryptographic model. Ph.D. Thesis, Arhus University.Google Scholar
Rafael Pass. 2004. Bounded-concurrent secure multi-party computation with a dishonest majority. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’04).Google ScholarDigital Library
Rafael Pass. 2006. A precise computational approach to knowledge. Ph.D. Thesis, MIT.Google Scholar
Birgit Pfitzmann, Matthias Schunter, and Michael Waidner. 2000. Cryptographic security of reactive systems. Electron. Notes Theor. Comput. Sci. 32 (2000), 59--77. DOI:https://doi.org/10.1016/S1571-0661(04)00095-7Google ScholarCross Ref
Birgit Pfitzmann and Michael Waidner. 2000. Composition and integrity preservation of secure reactive systems. In Proceedings of the ACM Conference on Computer and Communications Security.Google ScholarDigital Library
Birgit Pfitzmann and Michael Waidner. 2001. A model for asynchronous reactive systems and its application to secure message transmission. Proceedings of the IEEE Symposium on Security and Privacy (S8P’01). 184--200.Google ScholarCross Ref
Birgit Pfitzmann and Michael Waidner. 1994. Hildesheimer Informatik-Berichte 11/94, Universitat Hildesheim. Retrieved from http://www.semper.org/sirene/lit.Google Scholar
Manoj Prabhakaran and Amit Sahai. 2004. New notions of security: Achieving universal composability without trusted setup. IACR Cryptol. ePrint Arch. 2004 (2004), 139.Google Scholar
Michael O. Rabin. 1981. How to exchange secrets with oblivious transfer. Technical report TR-81, Aiken Computation Laboratory, Harvard University (1981).Google Scholar
Charles Rackoff and Daniel R. Simon. 1991. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Proceedings of the Annual Cryptology Conference (CRYPTO’91).Google Scholar
Ransom Richardson and Joe Kilian. 1999. On the concurrent composition of zero-knowledge proofs. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’99).Google ScholarCross Ref
Roberto Segala and Nancy A. Lynch. 1994. Probabilistic simulations for probabilistic processes. Nord. J. Comput. 2 (1994), 250--273.Google Scholar
Victor Shoup. 1999. On formal models for secure key exchange. IACR Cryptol. ePrint Arch. 1999 (1999), 12.Google Scholar
Michael Sipser. 2013. Introduction to the Theory of Computation, 3rd ed. Cengage Learning Publishing Company.Google Scholar
Douglas Wikström. 2016. Simplified universal composability framework. In Proceedings of the Theory of Cryptography Conference (TCC’16).Google ScholarDigital Library
Douglas Wikström. 2005. On the security of mix-nets and hierarchical group signatures. Ph.D. Thesis, KTH.Google Scholar
Andrew Chi-Chih Yao. 1982. Protocols for secure computations. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (FOCS’82).Google Scholar
Andrew Chi-Chih Yao. 1982. Theory and applications of trapdoor functions (extended abstract). In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (FOCS’82). 80--91.Google Scholar

Index Terms

Universally Composable Security
1. Security and privacy
  1. Formal methods and theory of security
2. Theory of computation
  1. Computational complexity and cryptography
    1. Cryptographic protocols
  2. Models of computation
    1. Concurrency
      1. Distributed computing models
      2. Process calculi

Recommendations

Universally composable contributory group key exchange
ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

We treat the security of group key exchange (GKE) in the universal composability (UC) framework. Analyzing GKE protocols in the UC framework naturally addresses attacks by malicious insiders. We define an ideal functionality for GKE that captures ...
Read More
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01: Proceedings of the 42nd IEEE symposium on Foundations of Computer Science

We propose a new paradigm for defining security of cryptographic protocols, called universally composable security. The salient property of universally composable definitions of security is that they guarantee security even when a secure protocol is ...
Read More
Incoercible Multi-party Computation and Universally Composable Receipt-Free Voting
Advances in Cryptology -- CRYPTO 2015
Abstract
Composable notions of incoercibility aim to forbid a coercer from using anything beyond the coerced parties’ inputs and outputs to catch them when they try to deceive him. Existing definitions are restricted to weak coercion types, and/or are not ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Journal of the ACM Volume 67, Issue 5
October 2020
274 pages
ISSN:0004-5411
EISSN:1557-735X
DOI:10.1145/3420255
Editor:
Éva Tardos
Cornell University
Issue’s Table of Contents
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 16 September 2020
- Received: 1 October 2017
Published in jacm Volume 67, Issue 5

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Security modeling, specification, and analysis
modular security
security-preserving composition
universal composition
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 49
  Total Citations
  View Citations
- 2,009
  Total Downloads
- Downloads (Last 12 months)716
- Downloads (Last 6 weeks)89
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Universally Composable Security

Journal of the ACM

Editorial Notes

Abstract

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

Universally composable contributory group key exchange

Universally Composable Security: A New Paradigm for Cryptographic Protocols

Incoercible Multi-party Computation and Universally Composable Receipt-Free Voting