Advances in Cryptology – CRYPTO 2010

Volume 6223 of the series Lecture Notes in Computer Science pp 595-612

A Zero-One Law for Cryptographic Complexity with Respect to Computational UC Security

  • Hemanta K. MajiAffiliated withDepartment of Computer Science, University of Illinois, Urbana-Champaign
  • , Manoj PrabhakaranAffiliated withDepartment of Computer Science, University of Illinois, Urbana-Champaign
  • , Mike RosulekAffiliated withDepartment of Computer Science, University of Montana


It is well-known that most cryptographic tasks do not have universally composable (UC) secure protocols, if no trusted setup is available in the framework. On the other hand, if a task like fair coin-tossing is available as a trusted setup, then all cryptographic tasks have UC-secure protocols. What other trusted setups allow UC-secure protocols for all tasks? More generally, given a particular setup, what tasks have UC-secure protocols?

We show that, surprisingly, every trusted setup is either useless (equivalent to having no trusted setup) or all-powerful (allows UC-secure protocols for all tasks). There are no “intermediate” trusted setups in the UC framework. We prove this zero-one law under a natural intractability assumption, and consider the class of deterministic, finite, 2-party functionalities as candidate trusted setups.

One important technical contribution in this work is to initiate the comprehensive study of the cryptographic properties of reactive functionalities. We model these functionalities as finite automata and develop an automata-theoretic methodology for classifying and studying their cryptographic properties. Consequently, we completely characterize the reactive behaviors that lead to cryptographic non-triviality. Another contribution of independent interest is to optimize the hardness assumption used by Canetti et al. (STOC 2002) in showing that the common random string functionality is complete (a result independently obtained by Damgård et al. (TCC 2010)).