David and Goliath Commitments: UC Computation for Asymmetric Parties Using Tamper-Proof Hardware
Designing secure protocols in the Universal Composability (UC) framework confers many advantages. In particular, it allows the protocols to be securely used as building blocks in more complex protocols, and assists in understanding their security properties. Unfortunately, most existing models in which universally composable computation is possible (for useful functionalities) require a trusted setup stage. Recently, Katz [Eurocrypt ’07] proposed an alternative to the trusted setup assumption: tamper-proof hardware. Instead of trusting a third party to correctly generate the setup information, each party can create its own hardware tokens, which it sends to the other parties. Each party is only required to trust that its own tokens are tamper-proof.
Katz designed a UC commitment protocol that requires both parties to generate hardware tokens. In addition, his protocol relies on a specific number-theoretic assumption. In this paper, we construct UC commitment protocols for “David” and “Goliath”: we only require a single party (Goliath) to be capable of generating tokens. We construct a version of the protocol that is secure for computationally unbounded parties, and a more efficient version that makes computational assumptions only about David (we require only the existence of a one-way function). Our protocols are simple enough to be performed by hand on David’s side.
These properties may allow such protocols to be used in situations which are inherently asymmetric in real-life, especially those involving individuals versus large organizations. Classic examples include voting protocols (voters versus “the government”) and protocols involving private medical data (patients versus insurance-agencies or hospitals).
- 1.Barak, B., Canetti, R., Nielsen, J.B., Pass, R.: Universally composable protocols with relaxed set-up assumptions. In: Proceedings of the 45th Annual Symposium on Foundations of Computer Science, pp. 186–195 (2004)Google Scholar
- 2.Bennett, C.H., Brassard, G.: Quantum cryptography: Public key distribution and coin tossing. In: Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, pp. 175–179 (1984)Google Scholar
- 3.Bollobas, B.: Extremal Graph Theory. Courier Dover Publications (1978)Google Scholar
- 4.Brands, S.: Untraceable off-line cash in wallets with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)Google Scholar
- 5.Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science, pp. 136–145 (2001); An updated version is available from the Cryptology ePrint Archive, Report 2000/067Google Scholar
- 6.Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Proceedings of the 4th Theory of Cryptography Conference, pp. 61–85 (2007)Google Scholar
- 9.Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Proceedings of the 34th Annual ACM Symposium on the Theory of Computing, pp. 494–503 (2002)Google Scholar
- 10.Chandran, N., Goyal, V., Sahai, A.: Improved UC secure computation using tamper-proof hardware. Cryptology ePrint Archive, Report 2007/334 (2007)Google Scholar
- 11.Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)Google Scholar
- 12.Cramer, R., Pedersen, T.P.: Improved privacy in wallets with observers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 329–343. Springer, Heidelberg (1994)Google Scholar
- 13.Crépeau, C.: Efficient cryptographic protocols based on noisy channels. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 306–317. Springer, Heidelberg (1997)Google Scholar
- 14.Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions. In: Proceedings of the 29th Annual Symposium on Foundations of Computer Science, pp. 42–52 (1988)Google Scholar
- 15.Damgård, I., Fehr, S., Morozov, K., Salvail, L.: Unfair noisy channels and oblivious transfer. In: Proceedings of the 1st Theory of Cryptography Conference, pp. 355–373 (2004)Google Scholar
- 16.Damgård, I., Kilian, J., Salvail, L.: On the (im)possibility of basing oblivious transfer and bit commitment on weakened security assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)Google Scholar
- 17.Damgård, I., Nielsen, J.B., Wichs, D.: Universally composable multiparty computation with partially isolated parties. Cryptology ePrint Archive, Report 2007/332 (2007)Google Scholar
- 19.Hofheinz, D., Müller-Quade, J., Unruh, D.: Universally composable zero-knowledge arguments and commitments from signature cards. In: Proceedings of the 5th Central European Conference on Cryptology (2005)Google Scholar
- 21.Moran, T., Naor, M.: Basing cryptographic protocols on tamper-evident seals. In: Proceedings of the 32nd International Colloquium on Automata, Languages and Programming, pp. 285–297 (2005)Google Scholar