What Information Is Leaked under Concurrent Composition?

  • Vipul Goyal
  • Divya Gupta
  • Abhishek Jain
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8043)


AchievingA long series of works have established far reaching impossibility results for concurrently secure computation. On the other hand, some positive results have also been obtained according to various weaker notions of security (such as by using a super-polynomial time simulator). This suggest that somehow, “not all is lost in the concurrent setting.”

In this work, we ask what and exactly how much private information can an adversary learn by launching a concurrent attack? Inspired by the recent works on leakage-resilient protocols, we consider a security model where the ideal world adversary (a.k.a simulator) is allowed to query the trusted party for some “leakage” on the honest party inputs. (Intuitively, the amount of leakage required by the simulator upper bounds the security loss in the real world).

We show for the first time that in the concurrent setting, it is possible to achieve full security for “most” of the sessions, while incurring significant loss of security in the remaining (fixed polynomial fraction of total) sessions. We also give a lower bound showing that (for general functionalities) this is essentially optimal. Our results also have interesting implications to bounded concurrent secure computation [Barak- FOCS’01], as well as to precise concurrent zero-knowledge [Pandey et al.-Eurocrypt’08] and concurrently secure computation in the multiple ideal query model [Goyal et al.-Crypto’10]

At the heart of our positive results is a new simulation strategy that is inspired by the classical set covering problem. On the other hand, interestingly, our negative results use techniques from leakage-resilient cryptography [Dziembowski-Pietrzak-FOCS’08].


  1. 1.
    Agrawal, S., Goyal, V., Jain, A., Prabhakaran, M., Sahai, A.: New impossibility results for concurrent composition and a non-interactive completeness theorem for secure computation. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 443–460. Springer, Heidelberg (2012)Google Scholar
  2. 2.
    Barak, B., Canetti, R., Nielsen, J.B., Pass, R.: Universally composable protocols with relaxed set-up assumptions. In: FOCS (2004)Google Scholar
  3. 3.
    Barak, B., Prabhakaran, M., Sahai, A.: Concurrent non-malleable zero knowledge. In: FOCS (2006)Google Scholar
  4. 4.
    Barak, B., Sahai, A.: How to play almost any mental game over the net - concurrent composition using super-polynomial simulation. In: Proc. 46th FOCS, pp. 543–552 (2005)Google Scholar
  5. 5.
    Bitansky, N., Canetti, R., Halevi, S.: Leakage-tolerant interactive protocols. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 266–284. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Boyle, E., Garg, S., Jain, A., Kalai, Y.T., Sahai, A.: Secure computation against adaptive auxiliary information. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 316–334. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: STOC (2002)Google Scholar
  8. 8.
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Canetti, R., Kushilevitz, E., Lindell, Y.: On the limitations of universally composable two-party computation without set-up assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 135–167. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Canetti, R., Lin, H., Pass, R.: Adaptive hardness and composable security in the plain model from standard assumptions. In: FOCS (2010)Google Scholar
  11. 11.
    Deng, Y., Goyal, V., Sahai, A.: Resolving the simultaneous resettability conjecture and a new non-black-box simulation strategy. In: FOCS (2009)Google Scholar
  12. 12.
    Dziembowski, S., Pietrzak, K.: Intrusion-resilient secret sharing. In: FOCS (2007)Google Scholar
  13. 13.
    Garg, S., Goyal, V., Jain, A., Sahai, A.: Concurrently secure computation in constant rounds. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 99–116. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. 14.
    Garg, S., Jain, A., Sahai, A.: Leakage-resilient zero knowledge. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 297–315. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  15. 15.
    Garg, S., Kumarasubramanian, A., Ostrovsky, R., Visconti, I.: Impossibility results for static input secure computation. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 424–442. Springer, Heidelberg (2012)Google Scholar
  16. 16.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: STOC (1987)Google Scholar
  17. 17.
    Goldreich, O., Petrank, E.: Quantifying knowledge complexity. In: FOCS (1991)Google Scholar
  18. 18.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Goyal, V.: Positive results for concurrently secure computation in the plain model. In: FOCS (2012)Google Scholar
  20. 20.
    Goyal, V., Jain, A., Ostrovsky, R.: Password-authenticated session-key generation on the internet in the plain model. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 277–294. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Jain, A., Prabhakaran, M., Sahai, A., Wadia, A.: Oblivious transfer from any leaky functionality. In: Personal Communication (2013)Google Scholar
  22. 22.
    Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Kilian, J., Petrank, E.: Concurrent and resettable zero-knowledge in poly-loalgorithm rounds. In: STOC (2001)Google Scholar
  24. 24.
    Lin, H., Pass, R.: Black-box constructions of composable protocols without set-up. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 461–478. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  25. 25.
    Lindell, Y.: Bounded-concurrent secure two-party computation without setup assumptions. In: STOC (2003)Google Scholar
  26. 26.
    Lindell, Y.: General composition and universal composability in secure multi-party computation. In: FOCS (2003)Google Scholar
  27. 27.
    Lindell, Y.: Lower bounds for concurrent self composition. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 203–222. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  28. 28.
    Micali, S., Pass, R.: Local zero knowledge. In: STOC (2006)Google Scholar
  29. 29.
    Micali, S., Pass, R., Rosen, A.: Input-indistinguishable computation. In: FOCS, pp. 367–378 (2006)Google Scholar
  30. 30.
    Pandey, O., Pass, R., Sahai, A., Tseng, W.-L.D., Venkitasubramaniam, M.: Precise concurrent zero knowledge. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 397–414. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  31. 31.
    Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003)Google Scholar
  32. 32.
    Pass, R.: Bounded-concurrent secure multi-party computation with a dishonest majority. In: STOC (2004)Google Scholar
  33. 33.
    Pass, R., Rosen, A.: Bounded-concurrent secure two-party computation in a constant number of rounds. In: FOCS (2003)Google Scholar
  34. 34.
    Pass, R., Tseng, W.-L.D., Venkitasubramaniam, M.: Concurrent zero knowledge, revisited (2012) (manuscript)Google Scholar
  35. 35.
    Pass, R., Venkitasubramaniam, M.: On constant-round concurrent zero-knowledge. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. TCC, pp. 553–570. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  36. 36.
    Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: FOCS, pp. 366–375 (2002)Google Scholar
  37. 37.
    Richardson, R., Kilian, J.: On the concurrent composition of zero-knowledge proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 415–431. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  38. 38.
    Yao, A.C.C.: How to generate and exchange secrets. In: FOCS (1986)Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Vipul Goyal
    • 1
  • Divya Gupta
    • 2
  • Abhishek Jain
    • 3
    • 4
  1. 1.Microsoft ResearchIndia
  2. 2.UCLAUSA
  3. 3.MITUSA
  4. 4.Boston UniversityUSA

Personalised recommendations