Adaptive versus Static Security in the UC Model
We show that for certain class of unconditionally secure protocols and target functionalities, static security implies adaptive security in the UC model. Similar results were previously only known for models with weaker security and/or composition guarantees. The result is, for instance, applicable to a wide range of protocols based on secret sharing. It “explains” why an often used proof technique for such protocols works, namely where the simulator runs in its head a copy of the honest players using dummy inputs and generates a protocol execution by letting the dummy players interact with the adversary. When a new player P i is corrupted, the simulator adjusts the state of its dummy copy of P i to be consistent with the real inputs and outputs of P i and gives the state to the adversary. Our result gives a characterization of the cases where this idea will work to prove adaptive security. As a special case, we use our framework to give the first proof of adaptive security of the seminal BGW protocol in the UC framework.
KeywordsSecure Protocol Static Security Ideal Functionality Multiplication Gate Honest Party
Unable to display preview. Download preview PDF.
- 1.Asharov, G., Lindell, Y.: A full proof of the bgw protocol for perfectly-secure multiparty computation. IACR Cryptology ePrint Archive 2011, 136 (2011)Google Scholar
- 2.Beaver, D.: Foundations of secure interactive computing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 377–391. Springer, Heidelberg (1992)Google Scholar
- 3.Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10 (1988)Google Scholar
- 5.Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, Las Vegas, Nevada, October 14-17, pp. 136–145. IEEE (2001)Google Scholar
- 7.Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, May 22-24, pp. 639–648 (1996)Google Scholar
- 8.Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proceedings of the Thirty-Fourth Annual ACM Symposium on the Theory of Computing, Montreal, Quebec, Canada, pp. 494–503 (2002)Google Scholar
- 9.Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, Chicago, Illinois, May 2-4, pp. 11–19 (1988)Google Scholar
- 12.Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, New York City, May 25-27, pp. 218–229 (1987)Google Scholar
- 14.Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992)Google Scholar
- 16.Pfitzmann, B., Schunter, M., Waidner, M.: Secure reactive systems. Technical Report RZ 3206. IBM Research, Zürich (May 2000)Google Scholar