Theory of Cryptography

Volume 6597 of the series Lecture Notes in Computer Science pp 311-328

Bringing People of Different Beliefs Together to Do UC

  • Sanjam GargAffiliated withUCLA
  • , Vipul GoyalAffiliated withMicrosoft Research
  • , Abhishek JainAffiliated withUCLA
  • , Amit SahaiAffiliated withUCLA


Known constructions of UC secure protocols are based on the premise that different parties collectively agree on some trusted setup. In this paper, we consider the following two intriguing questions: Is it possible to achieve UC if the parties do not want to put all their trust in one entity (or more generally, in one setup)? What if the parties have a difference of opinion about what they are willing to trust? The first question has been studied in only a limited way, while the second has never been considered before.

In this paper, we initiate a systematic study to answer the above questions. We consider a scenario with multiple setup instances where each party in the system has some individual belief (setup assumption in terms of the given setups). The belief of a party corresponds to what it is willing to trust and its security is guaranteed given that its belief “holds.” The question considered is: “Given some setups and the (possibly) different beliefs of all the parties, when can UC security be achieved?” We present a general condition on the setups and the beliefs of all the parties under which UC security is possible. Surprisingly, we show that when parties have different beliefs, UC security can be achieved with a more limited “trust” than what is necessary in the traditional setting (where all parties have a common belief).