Universally Composable Security with Global Setup

  • Ran Canetti
  • Yevgeniy Dodis
  • Rafael Pass
  • Shabsi Walfish
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4392)


Cryptographic protocols are often designed and analyzed under some trusted set-up assumptions, namely in settings where the participants have access to global information that is trusted to have some basic security properties. However, current modeling of security in the presence of such set-up falls short of providing the expected security guarantees. A quintessential example of this phenomenon is the deniability concern: there exist natural protocols that meet the strongest known composable security notions, and are still vulnerable to bad interactions with rogue protocols that use the same set-up.

We extend the notion of universally composable (UC) security in a way that re-establishes its original intuitive guarantee even for protocols that use globally available set-up. The new formulation prevents bad interactions even with adaptively chosen protocols that use the same set-up. In particular, it guarantees deniability. While for protocols that use no set-up the proposed requirements are the same as in traditional UC security, for protocols that use global set-up the proposed requirements are significantly stronger. In fact, realizing Zero Knowledge or commitment becomes provably impossible, even in the Common Reference String model. Still, we propose reasonable alternative set-up assumptions and protocols that allow realizing practically any cryptographic task under standard hardness assumptions even against adaptive corruptions.


Ideal Functionality Commitment Scheme Honest Party Reference String Protocol Session 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abe, M., Fehr, S.: Perfect NIZK with Adaptive Soundness. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 118–136. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Ateniese, G., de Medeiros, B.: Identity-based Chameleon Hash and Applications. In: Proc. of Financial Cryptography (2004), Available at,
  3. 3.
    Beaver, D.: Secure Multi-party Protocols and Zero-Knowledge Proof Systems Tolerating a Faulty Minority. J. Cryptology 4, 75–122 (1991)zbMATHCrossRefGoogle Scholar
  4. 4.
    Barak, B., Canetti, R., Lindell, Y., Pass, R., Rabin, T.: Secure Computation Without Authentication. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 361–377. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Barak, B., Canetti, R., Nielsen, J., Pass, R.: Universally composable protocols with relaxed set-up assumptions. In: Proc. of FOCS (2004)Google Scholar
  6. 6.
    Boneh, D., Franklin, M.: Identity Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, Springer, Heidelberg (2001)Google Scholar
  7. 7.
    Barak, B., Lindell, Y.: Strict Polynomial-time Simulation and Extraction. SIAM J. Comput. 33(4), 783–818 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Barak, B., Sahai, A.: How To Play Almost Any Mental Game Over the Net - Concurrent Composition via Super-Polynomial Simulation. In: Proc. of FOCS (2005)Google Scholar
  9. 9.
    Canetti, R.: Security and composition of multi-party cryptographic protocols. Journal of Cryptology 13(1) (2000)Google Scholar
  10. 10.
    Canetti, R.: Universally Composable Security: A New paradigm for Cryptographic Protocols. In: Proc. of FOCS, pp. 136–145 (2001)Google Scholar
  11. 11.
    Canetti, R.: Universally Composable Security: A New paradigm for Cryptographic Protocols. In: Cryptology ePrint Archive, Report, 2000/067, revised edition from Dec. 2005 (2005), Available at,
  12. 12.
    Canetti, R.: Universally Composable Signature, Certification, and Authentication. In: Proc. of CSFW, p. 219 (2004)Google Scholar
  13. 13.
    Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally Composable Security with Global Setup. In: Cryptology ePrint Archive, Report, 2006/432 (2006), Available at,
  14. 14.
    Cramer, R., Damgard, I., Schoenmakers, B.: Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  15. 15.
    Canetti, R., Fischlin, M.: Universally Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Canetti, R., Kushilevitz, E., Lindell, Y.: On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions. In: Biham, E. (ed.) Advances in Cryptology – EUROCRPYT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Two-Party and Multi-Party Secure Computation. In: Proc. of STOC, pp. 494–503 (2002)Google Scholar
  18. 18.
    Canetti, R., Rabin, T.: Universal Composition with Joint State. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003)Google Scholar
  19. 19.
    Damgard, I., Nielsen, J.: Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 581–596. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Dodis, Y., Micali, S.: Parallel Reducibility for Information-Theoretically Secure Computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 74–92. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Feige, U.: Alternative Models for Zero Knowledge Interactive Proofs. Ph.D. thesis, Weizmann Institute of Science, Rehovot, Israel (1990)Google Scholar
  22. 22.
    Feige, U., Lapidot, D., Shamir, A.: Multiple Non-Interactive Zero-Knowledge Proofs Based on a Single Random String. In: Proc. of FOCS (1990)Google Scholar
  23. 23.
    Goldwasser, S., Levin, L.: Fair Computation of General Functions in Presence of Immoral Majority. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, Springer, Heidelberg (1991)Google Scholar
  24. 24.
    Goldreich, O., Micali, S., Wigderson, A.: How to Solve any Protocol Problem. In: Proc. of STOC (1987)Google Scholar
  25. 25.
    Hofheinz, D., Muller-Quade, J., Unruh, D.: Universally Composable Zero-Knowledge Arguments and Commitments from Signature Cards. In: Proc. of the 5th Central European Conference on Cryptology MoraviaCrypt 2005, June (2005)Google Scholar
  26. 26.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and their Applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, Springer, Heidelberg (1996)Google Scholar
  27. 27.
    Micali, S., Rogaway, P.: Secure Computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, Springer, Heidelberg (1992)Google Scholar
  28. 28.
    Pass, R.: On Deniabililty in the Common Reference String and Random Oracle Model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 216–337. Springer, Heidelberg (2003)Google Scholar
  29. 29.
    Pass, R.: Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority. In: Proc. of STOC, pp. 232–241 (2004)Google Scholar
  30. 30.
    Prabhakaran, M., Sahai, A.: New Notions of Security: Achieving Universal Composability without Trusted Setup. In: Proc. of STOC (2004)Google Scholar
  31. 31.
    Pfitzmann, B., Waidner, M.: Composition and Integrity Preservation of Secure Reactive Systems. In: Proc. of ACM CCS, pp. 245–254. ACM Press, New York (2000)Google Scholar
  32. 32.
    Zhang, F., Safavi-Naini, R., Susilo, W.: ID-Based Chameleon Hashes from Bilinear Pairings (2003), Available at,

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Ran Canetti
    • 1
  • Yevgeniy Dodis
    • 2
  • Rafael Pass
    • 3
  • Shabsi Walfish
    • 2
  1. 1.IBM Research 
  2. 2.New York University 
  3. 3.Cornell University 

Personalised recommendations