A Simpler Variant of Universally Composable Security for Standard Multiparty Computation

  • Ran Canetti
  • Asaf Cohen
  • Yehuda Lindell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9216)


In this paper, we present a simpler and more restricted variant of the universally composable security (UC) framework that is suitable for “standard” two-party and multiparty computation tasks. Many of the complications of the UC framework exist in order to enable more general tasks than classic secure computation. This generality may be a barrier to entry for those who are used to the stand-alone model of secure computation and wish to work with universally composable security but are overwhelmed by the differences. The variant presented here (called simplified universally composable security, or just SUC) is closer to the definition of security for multiparty computation in the stand-alone setting. The main difference is that a protocol in the SUC framework runs with a fixed set of parties, and machines cannot be added dynamically to the execution. As a result, the definitions of polynomial time and protocol composition are much simpler. In addition, the SUC framework has authenticated channels built in, as is standard in previous definitions of security, and all communication is done via the adversary in order to enable arbitrary scheduling of messages. Due to these differences, not all cryptographic tasks can be expressed in the SUC framework. Nevertheless, standard secure computation tasks (like secure function evaluation) can be expressed. Importantly, we show that for every protocol that can be represented in the SUC framework, the protocol is secure in SUC if and only if it is secure in UC. Therefore, the UC composition theorem holds and any protocol that is proven secure under SUC is secure under the general framework (with some technical changes to the functionality definition). As a result, protocols that are secure in the SUC framework are secure when an a priori unbounded number of concurrent executions of the protocols take place (relative to the same fixed set of parties).


  1. 1.
    Beaver, D.: Foundations of secure interactive computing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 377–391. Springer, Heidelberg (1992) Google Scholar
  2. 2.
    Blum, M.: How to prove a theorem so no one else can claim it. In: Proceedings of the International Congress of Mathematicians, pp. 1444–1451, USAGoogle Scholar
  3. 3.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. cryptology 13(1), 143–202 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: In the \(42\)nd FOCS, pp. 136–145 (2001)Google Scholar
  5. 5.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (revision of 13 December 2005)Google Scholar
  6. 6.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (revision of 16 July 2013)Google Scholar
  7. 7.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (revised 13 December 2005 and re-revised April 2013)Google Scholar
  8. 8.
    Canetti, R.: Obtaining universally compoable security: towards the bare bones of trust. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 88–112. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  9. 9.
    Canetti, R., Cohen, A., Lindell, Y.: A simpler variant of universally composable security for standard multiparty computation (full version). Cryptology ePrint Archive, Report 2014/553 (2014)Google Scholar
  10. 10.
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  11. 11.
    Canetti, R., Herzberg, A.: Maintaining security in the presence of transient faults. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 425–438. Springer, Heidelberg (1994) Google Scholar
  12. 12.
    Canetti, R., Lindell, Y., Ostrovsky, R.,Sahai, A.: Universally composable two-party and multi-party secure computation. In: In the \(34\)th STOC, pp. 494–503 (2002). Reference is to page 13 of Cryptology ePrint Archive Report 2002/140 (version of 14 July 2003)Google Scholar
  13. 13.
    Canetti, R., Rabin, T.: Universal Composition with Joint State. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  14. 14.
    Damgård, I., Polychroniadou, A., Rao, V.: Adaptively Secure UC constant round multi-party computation. Cryptology ePrint Archive, Report 2014/830 (2014)Google Scholar
  15. 15.
    Goldreich, O.: Foundations of Cryptography: Volume 2 - Basic Applications. Cambridge University Press, Cambridge (2004) CrossRefGoogle Scholar
  16. 16.
    Goldwasser, S., Levin, L.A.: Fair computation of general functions in presence of immoral majority. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 77–93. Springer, Heidelberg (1991) Google Scholar
  17. 17.
    Hofheinz, D., Müller-Quade, J., Steinwandt, R.: Initiator-resilient universally composable key exchange. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 61–84. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  18. 18.
    Hofheinz, D., Müller-Quade, J., Unruh, D.: Polynomial runtime and composability. IACR Cryptology ePrint Archive, report 2009/23 (2009)Google Scholar
  19. 19.
    Hofheinz, D., Shoup, V.: GNUC: a new universal composability framework. IACR Cryptology ePrint Archive, report 2011/303 (2011)Google Scholar
  20. 20.
    Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  21. 21.
    Küsters, R.: Simulation-based security with inexhaustible interactive turing machines. In: CSFW, pp. 309–320 (2006)Google Scholar
  22. 22.
    Küsters, R., Tuengerthal, M.: The IITM model: a simple and expressive model for universal composability. IACR Cryptology ePrint Archive, report 2013/25 (2013)Google Scholar
  23. 23.
    Lindell, Y.: General composition and universal composability in secure multi-party computation. J. Cryptology 22(3), 395–428 (2009). An extended abstract appeared in the \(44\)th FOCS, pp. 394–403 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Lynch, N.A., Segala, R., Vaandrager, F.W.: Compositionality for probabilistic automata. In: Amadio, R.M., Lugiez, D. (eds.) CONCUR 2003. LNCS, vol. 2761, pp. 208–221. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  25. 25.
    Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992) Google Scholar
  26. 26.
    Micciancio, D., Tessaro, S.: An Equational Approach to Secure Multi-Party Computation. In: ITCS 2013, pp. 355–372 (2013)Google Scholar
  27. 27.
    Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: In 7th ACM Conference on Computer and Communication Security, pp. 245–254 (2000)Google Scholar
  28. 28.
    Wikström, D.: On the Security of Mix-Nets and Hierarchical Group Signatures. Ph.D. thesis (2005)Google Scholar

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  1. 1.Boston UniversityBostonUSA
  2. 2.Tel-Aviv UniversityTel AvivIsrael
  3. 3.Bar-Ilan UniversityRamat GanIsrael

Personalised recommendations