Abstract
Universal composability and concurrent general composition consider a setting where secure protocols are run concurrently with each other and with arbitrary other possibly insecure protocols. Protocols that meet the definition of universal composability are guaranteed to remain secure even when run in this strongly adversarial setting. In the case of an honest majority, or where there is a trusted setup phase of some kind (like a common reference string or the key-registration public-key infrastructure of Barak et al. in FOCS 2004), it has been shown that any functionality can be securely computed in a universally composable way. On the negative side, it has also been shown that in the plain model where there is no trusted setup at all, there are large classes of functionalities which cannot be securely computed in a universally composable way without an honest majority.
In this paper, we extend these impossibility results for universal composability. We study a number of public-key models and show for which models the impossibility results of universal composability hold and for which they do not. We also consider a setting where the inputs to the protocols running in the network are fixed before any execution begins. The majority of our results are negative and we show that the known impossibility results for universal composability in the case of no honest majority extend to many other settings.
References
B. Barak, A. Sahai, How to play almost any mental game over the net—concurrent composition via super-polynomial simulation, in 46th FOCS (2005), pp. 543–552
B. Barak, R. Canetti, J. Nielsen, R. Pass, Universally composable protocols with relaxed set-up assumptions, in 45th FOCS (2004), pp. 186–195
B. Barak, R. Canetti, Y. Lindell, R. Pass, T. Rabin, Secure computation without authentication, in CRYPTO 2005. LNCS, vol. 3621 (Springer, Berlin, 2005), pp. 361–377
B. Barak, M. Prabhakaran, A. Sahai, Concurrent non-malleable zero-knowledge, in 47th FOCS (2006), pp. 345–354
D. Beaver, Foundations of secure interactive computing, in CRYPTO’91. LNCS, vol. 576 (Springer, Berlin, 1991), pp. 377–391
M. Ben-Or, S. Goldwasser, A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation, in 20th STOC (1988), pp. 1–10
R. Canetti, Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in 42nd FOCS (2001), pp. 136–145
R. Canetti, Universally composable signature, certification, and authentication, in 17th Computer Security Foundations Workshop (2004), pp. 219–235
R. Canetti, M. Fischlin, Universally composable commitments, in CRYPTO 2001. LNCS, vol. 2139 (Springer, Berlin, 2001), pp. 19–40
R. Canetti, R. Ostrovsky, Secure computation with honest-looking parties: What if nobody is truly honest? in 31st STOC (1999), pp. 255–264
R. Canetti, O. Goldreich, S. Goldwasser, S. Micali, Resettable zero-knowledge, in 32nd STOC (2000), pp. 235–244
R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai, Universally composable two-party and multi-party computation, in 34th STOC (2002), pp. 494–503
R. Canetti, E. Kushilevitz, Y. Lindell, On the limitations of universal composable two-party computation without set-up assumptions. J. Cryptol. 19(2), 135–167 (2006)
D. Chaum, C. Crépeau, I. Damgård, Multi-party unconditionally secure protocols, in 20th STOC (1988), pp. 11–19
I. Damgård, J.B. Nielsen, C. Orlandi, On the necessary and sufficient assumptions for UC computation, in 7th TCC. LNCS, vol. 5978 (Springer, Berlin, 2010), pp. 109–127
A. Datta, A. Derek, J.C. Mitchell, A. Ramanathan, A. Scedrov, Games and the impossibility of realizable ideal functionality, in 3rd TCC. LNCS, vol. 3876 (Springer, Berlin, 2006), pp. 360–379
Y. Deng, G.D. Crescenzo, D. Lin, Concurrently non-malleable zero knowledge in the authenticated public-key model. Cryptology ePrint Archive, Report #2006/314, 2006
O. Goldreich, Foundations of Cryptography: Volume 2—Basic Applications (Cambridge University Press, Cambridge, 2004)
O. Goldreich, S. Micali, A. Wigderson, How to play any mental game—A completeness theorem for protocols with honest majority, in 19th STOC (1987), pp. 218–229
S. Goldwasser, L. Levin, Fair computation of general functions in presence of immoral majority, in CRYPTO’90. LNCS, vol. 537 (Springer, Berlin, 1990), pp. 77–93
Y. Kalai, Y. Lindell, M. Prabhakaran, Concurrent general composition of secure protocols in the timing model, in 37th STOC (2005), pp. 644–653
E. Kushilevitz, Y. Lindell, T. Rabin, Information-theoretically secure protocols and security under composition, in 38th STOC (2006), pp. 109–118
H. Lin, R. Pass, M. Venkitasubramaniam, A unified framework for concurrent security: Universal composability from stand-alone non-malleability, in 41st STOC (2009), pp. 179–188
Y. Lindell, Composition of Secure Multi-Party Protocols—A Comprehensive Study, LNCS, vol. 2815 (Springer, Berlin, 2003)
Y. Lindell, General composition and universal composability in secure multi-party computation, in 44th FOCS (2003), pp. 394–403
Y. Lindell, Lower bounds for concurrent self composition, in 1st Theory of Cryptography Conference (TCC). LNCS, vol. 2951 (Springer, Berlin, 2004), pp. 203–222
S. Micali, P. Rogaway, Secure computation. Unpublished manuscript, 1992. Preliminary version in CRYPTO’91, LNCS, vol. 576 (Springer, Berlin, 1991), pp. 392–404
R. Ostrovsky, G. Persiano, I. Visconti, Concurrent non-malleable witness indistinguishability and its applications. Cryptology ePrint Archive, Report #2006/256, 2006
R. Pass, Simulation in quasi-polynomial time, and its application to protocol composition, in Eurocrypt 2003. LNCS, vol. 2656 (Springer, Berlin, 2003), pp. 160–176
M. Prabhakaran, A. Sahai, New notions of security: Universal composability without trusted setup, in 36th STOC (2004), pp. 242–251
A. Yao, How to generate and exchange secrets, in 27th FOCS (1986), pp. 162–167
Additional information
Communicated by Ivan Damgård
This research was partially supported by the Israel Science Foundation (grant No. 781/07).
Cite this article
Kidron, D., Lindell, Y. Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs. J Cryptol 24, 517–544 (2011). https://doi.org/10.1007/s00145-010-9069-7
DOI: https://doi.org/10.1007/s00145-010-9069-7