Journal of Cryptology

Volume 28, Issue 3, pp 423–508

GNUC: A New Universal Composability Framework

Abstract

We put forward a framework for the modular design and analysis of multi-party protocols. Our framework is called “GNUC” (with the recursive meaning “GNUC’s Not UC”), already alluding to the similarity to Canetti’s Universal Composability (UC) framework. In particular, like UC, we offer a universal composition theorem, as well as a theorem for composing protocols with joint state.

We deviate from UC in several important aspects. Specifically, we have a rather different view than UC on the structuring of protocols, on the notion of polynomial-time protocols and attacks, and on corruptions. We will motivate our definitional choices by explaining why the definitions in the UC framework are problematic, and how we overcome these problems.

Our goal is to offer a framework that is largely compatible with UC, such that previous results formulated in UC carry over to GNUC with minimal changes. We exemplify this by giving explicit formulations for several important protocol tasks, including authenticated and secure communication, as well as commitment and secure function evaluation.

Key words

Universal composability, Protocols, Composition

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  1. Karlsruhe Institute of Technology, Karlsruhe, Germany
  2. New York University, New York, USA