Long-Term Security and Universal Composability
Algorithmic progress and future technological advances threaten today’s cryptographic protocols. This may allow adversaries to break a protocol retrospectively by breaking the underlying complexity assumptions long after the execution of the protocol. Long-term secure protocols, protocols that after the end of the execution do not reveal any information to a then possibly unlimited adversary, could meet this threat. On the other hand, in many applications, it is necessary that a protocol is secure not only when executed alone, but within arbitrary contexts. The established notion of universal composability (UC) captures this requirement.
This is the first paper to study protocols which are simultaneously long-term secure and universally composable. We show that the usual set-up assumptions used for UC protocols (e.g. a common reference string) are not sufficient to achieve long-term secure and composable protocols for commitments or zero-knowledge protocols.
We give practical alternatives (e.g. signature cards) to these usual set-up assumptions and show that they enable the implementation of the important primitives of commitment and zero-knowledge protocols.
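To make the notion of long-term security concrete, here is an added toy illustration (constructed for this page, not code from the paper or its authors) of why a commitment that is only computationally hiding is not long-term secure, while an information-theoretically hiding one is. The "then possibly unlimited adversary" of the abstract is modelled by exhaustive search, which is why the group, message space and hash nonce are deliberately tiny; the group parameters (P = 1019, Q = 509, generators G = 4 and H = 9), the 16-element message space and the 12-bit nonce are all assumptions chosen so the search finishes in under a second.

```python
"""Toy illustration of long-term (everlasting) hiding of commitments.

Constructed example, not code from the paper. Parameters are tiny so that
an "unbounded" adversary can be modelled by exhaustive search.
"""
import hashlib
import secrets

# --- constructed toy parameters (assumption: far too small for real use) ---
P = 1019          # safe prime: P = 2*Q + 1
Q = 509           # prime order of the quadratic-residue subgroup of Z_P^*
G = 4             # generator of that subgroup (4 = 2^2 is a quadratic residue)
H = 9             # second generator (9 = 3^2); dlog_G(H) assumed unknown to the parties
MESSAGE_SPACE = range(16)   # constructed: the committer picks m in 0..15
NONCE_BITS = 12             # constructed: hash nonce kept tiny so brute force finishes


# ---------- scheme 1: hash-based commitment (computationally hiding) ----------
def hash_commit(m: int, r: int) -> bytes:
    """c = SHA-256(m || r). Hiding rests on the hardness of inverting SHA-256."""
    return hashlib.sha256(m.to_bytes(2, "big") + r.to_bytes(4, "big")).digest()


def hash_open(c: bytes, m: int, r: int) -> bool:
    return hash_commit(m, r) == c


# ---------- scheme 2: Pedersen commitment (perfectly hiding) ----------
def pedersen_commit(m: int, r: int) -> int:
    """c = G^m * H^r mod P with r uniform in Z_Q."""
    return (pow(G, m, P) * pow(H, r, P)) % P


def pedersen_open(c: int, m: int, r: int) -> bool:
    return pedersen_commit(m, r) == c


# ---------- the "later, unbounded" adversary: exhaustive search ----------
def candidates_hash(c: bytes) -> set:
    """Messages m for which SOME nonce r explains c. Once the work bound is
    removed, a computationally hiding scheme collapses to a single candidate."""
    return {m for m in MESSAGE_SPACE
            if any(hash_commit(m, r) == c for r in range(1 << NONCE_BITS))}


def candidates_pedersen(c: int) -> set:
    """Messages m for which SOME r in Z_Q explains c. Because H generates the
    whole subgroup, every m has such an r: the transcript leaks nothing."""
    return {m for m in MESSAGE_SPACE
            if any(pedersen_commit(m, r) == c for r in range(Q))}


def run_demo(m: int = 7) -> dict:
    """Commit to m with both schemes, then let the unbounded adversary analyse
    the recorded commitments after the protocol has ended."""
    r_hash = secrets.randbelow(1 << NONCE_BITS)
    r_ped = secrets.randbelow(Q)
    c_hash = hash_commit(m, r_hash)
    c_ped = pedersen_commit(m, r_ped)
    # sanity check: both commitments open correctly for the honest committer
    assert hash_open(c_hash, m, r_hash) and pedersen_open(c_ped, m, r_ped)
    return {
        "hash_candidates": candidates_hash(c_hash),         # {m}: value recovered
        "pedersen_candidates": candidates_pedersen(c_ped),  # all of MESSAGE_SPACE
    }


if __name__ == "__main__":
    out = run_demo()
    print("hash-based commitment, unbounded adversary learns:", out["hash_candidates"])
    print("Pedersen commitment, unbounded adversary learns:", sorted(out["pedersen_candidates"]))
```

The asymmetry is the point of the definition: the hash-based transcript pins down the committed value once the adversary's running time is no longer bounded, whereas the Pedersen transcript is consistent with every message, so nothing is revealed retrospectively. Pedersen's binding is only computational (an unbounded adversary could compute dlog_G(H) and find a second opening), but binding only has to hold while the protocol runs against the bounded adversary of that time; hiding is what must survive afterwards. The example illustrates the security notion only, not the paper's results about which set-up assumptions suffice to achieve it composably.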
Keywords: Universal Composability, Long-term security, Zero-knowledge, Commitment schemes