Concurrently Composable Security with Shielded Super-Polynomial Simulators

  • Brandon Broadnax
  • Nico Döttling
  • Gunnar Hartung
  • Jörn Müller-Quade
  • Matthias Nagel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10210)


We propose a new framework for concurrently composable security that relaxes the security notion of UC security. As in previous frameworks, our notion is based on the idea of providing the simulator with super-polynomial resources. However, in our new framework simulators are only given restricted access to the results computed in super-polynomial time. This is done by modeling the super-polynomial resource as a stateful oracle that may directly interact with a functionality without the simulator seeing the communication. We call these oracles “shielded oracles”.

Our notion is fully compatible with the UC framework, i.e., protocols proven secure in the UC framework remain secure in our framework. Furthermore, our notion lies strictly between SPS and Angel-based security, while being closed under protocol composition.

Shielding away super-polynomial resources allows us to apply new proof techniques where we can replace super-polynomial entities by indistinguishable polynomially bounded entities. This allows us to construct secure protocols in the plain model using weaker primitives than in previous Angel-based protocols. In particular, we only use non-adaptive-CCA-secure commitments as a building block in our constructions.

As a feasibility result, we present a constant-round general MPC protocol in the plain model based on standard polynomial-time hardness assumptions that is secure in our framework. Our protocol can be made fully black-box. As a consequence, we obtain the first black-box construction of a constant-round concurrently secure general MPC protocol in the plain model based on polynomial-time hardness assumptions.



Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Brandon Broadnax (1)
  • Nico Döttling (2)
  • Gunnar Hartung (1)
  • Jörn Müller-Quade (1)
  • Matthias Nagel (1)
  1. Karlsruhe Institute of Technology, Karlsruhe, Germany
  2. University of California Berkeley, Berkeley, USA
