research-article

Public Access

Universally Composable Security

Author:

Ran CanettiAuthors Info & Claims

Journal of the ACM (JACM), Volume 67, Issue 5

Article No.: 28, Pages 1 - 94

https://doi.org/10.1145/3402457

Published: 16 September 2020 Publication History

All formats PDF

Editorial Notes

The editors have requested minor, non-substantive changes to the VoR and, in accordance with ACM policies, a Corrected VoR was published on October 14, 2020. For reference purposes the VoR may still be accessed via the Supplemental Material section on this page.

Abstract

This work presents a general framework for describing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general composition operation, called universal composition. The proposed framework with its security-preserving composition operation allows for modular design and analysis of complex cryptographic protocols from simpler building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol sessions that run concurrently in an adversarially controlled manner. This is a useful guarantee, which allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.

Supplementary Material

3402457-VoR (3402457-vor.pdf)

Version of Record for "Universally Composable Security" by Canetti, Journal of the ACM Volume 67, Issue 5 (JACM 67:5).

Download
3.76 MB

References

[1]

Martín Abadi and Andrew Gordon. 1999. A calculus for cryptographic protocols: The Spi calculus. Info. Comput. 148, 1 (1999), 1--70.

Digital Library

[2]

Martín Abadi and Phillip Rogaway. 2000. Reconciling two views of cryptography (The computational soundness of formal encryption). In Proceedings of the IFIP International Conference on Theoretical Computer Science (IFIP-TCS’00) (Lecture Notes in Computer Science), Jan van Leeuwen, Osamu Watanabe, Masami Hagiya, Peter D. Mosses, and Takayasu Ito (Eds.), Vol. 1872. Springer-Verlag, 3--22.

[3]

Masayuki Abe and Serge Fehr. 2004. Adaptively secure Feldman VSS and applications to universally composable threshold cryptography. In Proceedings of the 24th Annual International Cryptology Conference (CRYPTO’04). 317--334.

[4]

Jesús F. Almansa. 2005. The full abstraction of the UC framework. IACR Cryptol. ePrint Arch. 2005 (2005), 19. Retrieved from http://eprint.iacr.org/2005/019.

[5]

Michael Backes, Birgit Pfitzmann, and Michael Waidner. 2004. A general composition theorem for secure reactive systems. In Theory of Cryptography (LNCS), Moni Naor (Ed.), Vol. 2951. Springer, 336--354.

[6]

Michael Backes, Birgit Pfitzmann, and Michael Waidner. 2007. The reactive simulatability (RSIM) framework for asynchronous systems. Info. Comput. 205, 12 (2007), 1685--1720.

Digital Library

[7]

Boaz Barak. 2001. How to go beyond the black-box simulation barrier. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS’01). 106--115.

[8]

Boaz Barak, Ran Canetti, Yehuda Lindell, Rafael Pass, and Tal Rabin. 2011. Secure computation without authentication. J. Cryptol. 24, 4 (2011), 720--760.

Digital Library

[9]

Boaz Barak, Oded Goldreich, Shafi Goldwasser, and Yehuda Lindell. 2001. Resettably sound zero-knowledge and its applications. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS’01). 116--125.

[10]

Boaz Barak, Yehuda Lindell, and Tal Rabin. 2004. Protocol initialization for the framework of universal composability. IACR Cryptol. ePrint Arch. 2004 (2004), 6. Retrieved from http://eprint.iacr.org/2004/006.

[11]

Boaz Barak and Amit Sahai. 2005. How to play almost any mental game over the net—Concurrent composition via super-polynomial simulation. In Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS’05). 543--552.

Digital Library

[12]

Donald Beaver. 1991. Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority. J. Cryptol. 4, 2 (Jan. 1991), 75--122.

Digital Library

[13]

Donald Beaver. 1996. Adaptive zero knowledge and computational equivocation (extended abstract). In Proceedings of the 28th Annual ACM Symposium on the Theory of Computing. 629--638.

Digital Library

[14]

Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway. [n.d.]. Relations among notions of security for public-key encryption schemes. 26--45. Retrieved from http://www.cs.ucsd.edu/users/mihir/papers/relations.html.

[15]

Mihir Bellare and Phillip Rogaway. [n.d.]. Entity authentication and key distribution. In Proceedings of the Annual Cryptology Conference (CRYPTO’93). 232--249. Retrieved from http://www-cse.ucsd.edu/users/mihir/.

[16]

Michael Ben-Or, Ran Canetti, and Oded Goldreich. 1993. Asynchronous secure computation. In Proceedings of the 25th Annual ACM Symposium on Theory of Computing. 52--61.

Digital Library

[17]

Michael Ben-Or and Dominic Mayers. 2004. General security definition and composability for quantum 8 classical protocols. arXiv preprint quant-ph/0409062, 2004 - arxiv.org.

[18]

Eli Biham and Adi Shamir. 1997. Differential fault analysis of secret key cryptosystems. In Proceedings of the Annual Cryptology Conference (CRYPTO’97).

[19]

Ray Bird, Inder S. Gopal, Amir Herzberg, Philippe A. Janson, Shay Kutten, Refik Molva, and Moti Yung. 1991. Systematic design of two-party authentication protocols. In Proceedings of the Annual Cryptology Conference (CRYPTO’91).

[20]

Nir Bitansky, Ran Canetti, and Shai Halevi. 2012. Leakage-tolerant interactive protocols. IACR Cryptol. ePrint Arch. 2011 (2012), 204.

[21]

Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the importance of checking cryptographic protocols for faults (extended abstract). In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’97).

[22]

Gilles Brassard, David Chaum, and Claude Crépeau. 1988. Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37 (1988), 156--189.

Digital Library

[23]

Ran Canetti. 2000. Security and composition of multi-party cryptographic protocols. J. Cryptol. 13, 1 (Jan. 2000), 143--202.

Digital Library

[24]

Ran Canetti. 2000. Universally composable security: A new paradigm for cryptographic protocols. IACR Cryptol. ePrint Arch. 2000 (2000), 67.

[25]

Ran Canetti. 2001. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS’01). 136--145.

[26]

Ran Canetti. 2004. Universally composable signature, certification, and authentication. In Proceedings of the 17th IEEE Computer Security Foundations Workshop. 219--233.

Digital Library

[27]

Ran Canetti. 2006. Security and composition of cryptographic protocols: A tutorial. SIGACT News 37 (2006), 67--92.

Digital Library

[28]

Ran Canetti. 2007. Obtaining universally compoable security: Toward the bare bones of trust. IACR Cryptol. ePrint Arch. 2007 (2007), 475.

[29]

Ran Canetti. 2008. Composable formal security analysis: Juggling soundness, simplicity and efficiency. In Proceedings of the International Colloquium on Automata, Languages and Programming (ICALP’08).

Digital Library

[30]

Ran Canetti. 2013. Security and composition of cryptographic protocols: A tutorial. In Secure Multi-Party Computation (Cryptology and Information Security Series 10), Manoj Prabhakaran and Amit Sahai (Eds.). IOS Press, 61--119.

[31]

Ran Canetti. 1995. Studies in Secure Multi-party Computation and Applications. Ph.D. Thesis, Weizmann Institute, Israel.

[32]

Ran Canetti, Ling Cheung, Dilsun Kirli Kaynar, Moses D. Liskov, Nancy A. Lynch, Olivier Pereira, and Roberto Segala. 2018. Task-structured probabilistic I/O automata. J. Comput. Syst. Sci. 94 (2018), 63--97.

[33]

Ran Canetti, Asaf Cohen, and Yehuda Lindell. 2015. A simpler variant of universally composable security for standard multiparty computation. In Proceedings of the 35th Annual Cryptology Conference (CRYPTO’15). 3--22.

[34]

Ran Canetti, Yevgeniy Dodis, Rafael Pass, and Shabsi Walfish. 2007. Universally composable security with global setup. In Theory of Cryptography, Salil P. Vadhan (Ed.). Springer, Berlin, 61--85.

[35]

Ran Canetti, Uriel Feige, Oded Goldreich, and Moni Naor. 1996. Adaptively secure multi-party computation. In Proceedings of the 28th Annual ACM Symposium on the Theory of Computing. 639--648.

Digital Library

[36]

Ran Canetti and Marc Fischlin. 2001. Universally composable commitments. In Proceedings of the 21st Annual Cryptology Conference (CRYPTO’01). 19--40.

Digital Library

[37]

Ran Canetti and Rosario Gennaro. 1996. Incoercible multiparty computation. In Proceedings of the 37th Annual Symposium on Foundations of Computer Science (FOCS’96). 504--513.

Digital Library

[38]

Ran Canetti, Shafi Goldwasser, and Oxana Poburinnaya. 2015. Adaptively secure two-party computation from indistinguishability obfuscation. In Proceedings of the 12th Theory of Cryptography Conference (TCC’15). 557--585.

[39]

Ran Canetti, Shai Halevi, and Jonathan Katz. 2005. Adaptively secure, non-interactive public-key encryption. In Proceedings of the 2nd Theory of Cryptography Conference (TCC’05). 150--168.

Digital Library

[40]

Ran Canetti and Jonathan Herzog. 2011. Universally composable symbolic security analysis. J. Cryptol. 24, 1 (2011), 83--147.

Digital Library

[41]

Ran Canetti and Hugo Krawczyk. [n.d.]. Analysis of key-exchange protocols and their use for building secure channels. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt’01). 453--474.

[42]

Ran Canetti and Hugo Krawczyk. [n.d.]. Universally composable notions of key exchange and secure channels. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt’02). 337--351.

[43]

Ran Canetti, Hugo Krawczyk, and Jesper Buus Nielsen. 2003. Relaxing chosen-ciphertext security. In Proceedings of the 23rd Annual International Cryptology Conference (CRYPTO’03). 565--582.

[44]

Ran Canetti, Yehuda Lindell, Rafail Ostrovsky, and Amit Sahai. 2002. Universally composable two-party and multi-party secure computation. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’02). ACM, 494--503.

Digital Library

[45]

Ran Canetti and Tal Rabin. 1993. Fast asynchronous Byzantine agreement with optimal resilience. In Proceedings of the 25th Annual ACM Symposium on Theory of Computing (STOC’93), S. Rao Kosaraju, David S. Johnson, and Alok Aggarwal (Eds.). ACM, 42--51.

Digital Library

[46]

Ran Canetti and Tal Rabin. 2003. Universal composition with joint state. In Proceedings of the Annual Cryptology Conference (CRYPTO’03) (LNCS), Dan Boneh (Ed.), Vol. 2729. Springer, 265--281.

[47]

Ran Canetti, Daniel Shahaf, and Margarita Vald. 2016. Universally composable authentication and key-exchange with global PKI. In Proceedings of the Conference on Public-Key Cryptography (PKC’16), Chen-Mou Cheng, Kai-Min Chung, Giuseppe Persiano, and Bo-Yin Yang (Eds.). Springer, Berlin, 265--296.

Digital Library

[48]

Ran Canetti and Margarita Vald. 2012. Universally composable security with local adversaries. In Proceedings of the Conference on Simulation of Computer Networks (SCN’12) (Lecture Notes in Computer Science), Vol. 7485. Springer, 281--301.

Digital Library

[49]

Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. 1999. Toward sound approaches to counteract power-analysis attacks. In Proceedings of the Annual Cryptology Conference (CRYPTO’99).

[50]

Benny Chor and Lior Moscovici. 1989. Solvability in asynchronous environments (extended abstract). In Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS’89).

Digital Library

[51]

Benny Chor and Lee-Bath Nelson. 1999. Solvability in asynchronous environments II: Finite interactive tasks. SIAM J. Comput. 29 (1999), 351--377.

Digital Library

[52]

Giovanni Di Crescenzo, Yuval Ishai, and Rafail Ostrovsky. 1998. Non-interactive and non-malleable commitment. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’98). 141--150.

Digital Library

[53]

Anupam Datta. 2005. Security Analysis of Network Protocols: Compositional Reasoning and Complexity-theoretic Foundations. Ph.D. Thesis, Computer Science Department, Stanford University.

[54]

Yevgeniy Dodis and Silvio Micali. 2000. Parallel reducibility for information-theoretically secure computation. In Proceedings of the Annual Cryptology Conference (CRYPTO’00).

[55]

Danny Dolev, Cynthia Dwork, and Moni Naor. 2000. Nonmalleable cryptography. SIAM J. Comput. 30, 2 (2000), 391--437.

Digital Library

[56]

Cynthia Dwork, Moni Naor, and Amit Sahai. 2004. Concurrent zero-knowledge. J. ACM 51, 6 (2004), 851--898.

Digital Library

[57]

Shimon Even, Oded Goldreich, and Abraham Lempel. 1985. A randomized protocol for signing contracts. Commun. ACM 28, 6 (1985), 637--647.

Digital Library

[58]

Marc Fischlin and Roger Fischlin. 2000. Efficient non-malleable commitment schemes. In Proceedings of the 35th Annual Cryptology Conference (CRYPTO’00) (Lecture Notes in Computer Science), Vol. 1880. Springer, 413--431.

[59]

Juan Garay and Philip MacKenzie. 2000. Concurrent oblivious transfer. In Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS’00). IEEE Computer Society, 314--324.

[60]

Rosario Gennaro, Anna Lysyanskaya, Tal Malkin, Silvio Micali, and Tal Rabin. 2004. Algorithmic tamper-proof (ATP) security: Theoretical foundations for security against hardware tampering. In Proceedings of the Theory of Cryptography Conference (TCC’04) (Lecture Notes in Computer Science), Vol. 2951. Springer, 258--277.

[61]

Oded Goldreich. 2001. Foundations of Cryptography—Basic Tools. Cambridge University Press.

[62]

Oded Goldreich. 2002. Concurrent zero-knowledge with timing, revisited. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’02). ACM, 332--340.

Digital Library

[63]

Oded Goldreich. 2004. The Foundations of Cryptography—Volume 2: Basic Applications. Cambridge University Press.

[64]

Oded Goldreich and Ariel Kahan. 1996. How to construct constant-round zero-knowledge proof systems for NP. J. Cryptol. 9, 3 (1996), 167--190.

[65]

Oded Goldreich and Hugo Krawczyk. 1996. On the composition of zero-knowledge proof systems. SIAM J. Comput. 25, 1 (1996), 169--192.

Digital Library

[66]

Oded Goldreich and Yehuda Lindell. 2006. Session-key generation using human passwords only. J. Cryptol. 19, 3 (2006), 241--340.

Digital Library

[67]

Oded Goldreich, Silvio Micali, and Avi Wigderson. 2019. How to play any mental game, or a completeness theorem for protocols with honest majority. In Providing Sound Foundations for Cryptography. ACM, 307--328.

[68]

Oded Goldreich and Yair Oren. 1994. Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7, 1 (1994), 1--32.

Digital Library

[69]

Shafi Goldwasser and Leonid A. Levin. 1990. Fair computation of general functions in presence of immoral majority. In Proceedings of the Annual Cryptology Conference (CRYPTO’90) (Lecture Notes in Computer Science), Vol. 537. Springer, 77--93.

[70]

Shafi Goldwasser and Silvio Micali. 1984. Probabilistic encryption. J. Comput. Syst. Sci. 28, 2 (1984), 270--299.

[71]

Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1989. The knowledge complexity of interactive proof systems. SIAM J. Comput. 18, 1 (1989), 186--208.

Digital Library

[72]

Jens Groth, Rafail Ostrovsky, and Amit Sahai. 2012. New techniques for noninteractive zero-knowledge. J. ACM 59, 3 (2012), 11:1--11:35.

Digital Library

[73]

Martin Hirt and Ueli M. Maurer. 1997. Complete characterization of adversaries tolerable in secure multi-party computation (extended abstract). In Proceedings of the Symposium on Principles of Distributed Computing (PODC’97). ACM, 25--34.

[74]

C. A. R. Hoare. 1985. Communicating Sequential Processes. Prentice-Hall.

Digital Library

[75]

Dennis Hofheinz and Jörn Müller-Quade. 2004. A synchronous model for multi-party computation and the incompleteness of oblivious transfer. IACR Cryptol. ePrint Arch. 2004 (2004), 16.

[76]

Dennis Hofheinz, Jörn Müller-Quade, and Rainer Steinwandt. 2003. Initiator-resilient universally composable key exchange. In Proceedings of the European Symposium on Research in Computer Security (ESORICS’03) (Lecture Notes in Computer Science), Vol. 2808. Springer, 61--84.

[77]

Dennis Hofheinz and Victor Shoup. 2015. GNUC: A new universal composability framework. J. Cryptol. 28, 3 (2015), 423--508.

Digital Library

[78]

Dennis Hofheinz and Dominique Unruh. 2005. Comparing two notions of simulatability. In Proceedings of the Theory of Cryptography Conference (TCC’05) (Lecture Notes in Computer Science), Vol. 3378. Springer, 86--103.

Digital Library

[79]

Dennis Hofheinz, Dominique Unruh, and Jörn Müller-Quade. 2013. Polynomial runtime and composability. J. Cryptol. 26, 3 (2013), 375--441.

Digital Library

[80]

Gilles Kahn. 1974. The semantics of a simple language for parallel programming. In Proceedings of the International Federation for Information Processing Congress (IFIP’74). North-Holland, 471--475.

[81]

Yael Tauman Kalai, Yehuda Lindell, and Manoj Prabhakaran. 2005. Concurrent general composition of secure protocols in the timing model. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’05).

Digital Library

[82]

Jonathan Katz, Ueli Maurer, Björn Tackmann, and Vassilis Zikas. 2013. Universally composable synchronous computation. In Proceedings of the Theory of Cryptography Conference (TCC’13) (Lecture Notes in Computer Science), Vol. 7785. Springer, 477--498.

Digital Library

[83]

Paul C. Kocher. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the Annual Cryptology Conference (CRYPTO’96).

[84]

Ralf Küsters. 2006. Simulation-based security with inexhaustible interactive Turing machines. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW’06) (2006), 12 pp.--320.

Digital Library

[85]

Ralf Küsters, Anupam Datta, John C. Mitchell, and Ajith Ramanathan. 2008. On the relationships between notions of simulation-based security. J. Cryptol. 21 (2008), 492--546.

Digital Library

[86]

Ralf Küsters, Max Tuengerthal, and Daniel Rausch. 2020. The IITM model: A simple and expressive model for universal composability. J. Cryptol. (2020).

[87]

Patrick Lincoln, John C. Mitchell, Mark Mitchell, and Andre Scedrov. 1998. A probabilistic poly-time framework for protocol analysis. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’98).

Digital Library

[88]

Patrick Lincoln, John C. Mitchell, Mark Mitchell, and Andre Scedrov. 1999. Probabilistic polynomial-time equivalence and security analysis. In Proceedings of the World Congress on Formal Methods.

[89]

Yehuda Lindell. 2003. General composition and universal composability in secure multi-party computation. In Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science. 394--403.

Digital Library

[90]

Yehuda Lindell, Anna Lysyanskaya, and Tal Rabin. 2002. On the composition of authenticated byzantine agreement. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’02).

Digital Library

[91]

Nancy A. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann.

[92]

Nancy A. Lynch, Roberto Segala, and Frits W. Vaandrager. 2003. Compositionality for probabilistic automata. In Proceedings of the International Conference on Concurrency Theory (CONCUR’03).

[93]

Paulo Mateus, John C. Mitchell, and Andre Scedrov. 2003. Composition of cryptographic protocols in a probabilistic polynomial-time process calculus. In Proceedings of the International Conference on Concurrency Theory (CONCUR’03).

[94]

Ueli Maurer and Renato Renner. 2011. Abstract cryptography. In Proceedings of the Innovations in Computer Science (ICS'11), Bernard Chazelle (Ed.). Tsinghua University Press, 1--21.

[95]

Silvio Micali and Leonid Reyzin. 2004. Physically observable cryptography. In Proceedings of the Theory of Cryptography Conference (TCC’04).

[96]

Silvio Micali and Phillip Rogaway. 1991. Secure computation. In Unpublished Manuscript. Preliminary version in Advances in Cryptology—CRYPTO (LNCS), Joan Feigenbaum (Ed.), Vol. 576. Springer, 392--404.

[97]

Daniele Micciancio and Stefano Tessaro. 2013. An equational approach to secure multi-party computation. In Proceedings of the Conference on Innovations in Theoretical Computer Science (ITCS’13). ACM, 355--372.

Digital Library

[98]

Daniele Micciancio and Bogdan Warinschi. 2004. Soundness of formal encryption in the presence of active adversaries. In Proceedings of the Theory of Cryptography Conference (TCC’04) (Lecture Notes in Computer Science). Springer, 133--151.

[99]

Robin Milner. 1989. Communication and Concurrency. Prentice Hall.

Digital Library

[100]

Robin Milner. 1999. Communicating and Mobile Systems—The Pi-calculus. Cambridge University Press.

Digital Library

[101]

John C. Mitchell, Mark Mitchell, and Andre Scedrov. 1998. A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In Proceedings of the Annual Symposium on Foundations of Computer Science (FOCS’98). IEEE Computer Society, 725--733.

[102]

Moni Naor and Moti Yung. 1990. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’90). ACM, 427--437.

Digital Library

[103]

Jesper Buus Nielsen. 2002. Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case. In Proceedings of the Annual Cryptology Conference (CRYPTO’02) (Lecture Notes in Computer Science), Vol. 2442. Springer, 111--126.

[104]

Jesper Buus Nielsen. 2003. On protocol security in the cryptographic model. Ph.D. Thesis, Arhus University.

[105]

Rafael Pass. 2004. Bounded-concurrent secure multi-party computation with a dishonest majority. In Proceedings of the Annual ACM Symposium on Theory of Computing (STOC’04).

Digital Library

[106]

Rafael Pass. 2006. A precise computational approach to knowledge. Ph.D. Thesis, MIT.

[107]

Birgit Pfitzmann, Matthias Schunter, and Michael Waidner. 2000. Cryptographic security of reactive systems. Electron. Notes Theor. Comput. Sci. 32 (2000), 59--77.

[108]

Birgit Pfitzmann and Michael Waidner. 2000. Composition and integrity preservation of secure reactive systems. In Proceedings of the ACM Conference on Computer and Communications Security.

Digital Library

[109]

Birgit Pfitzmann and Michael Waidner. 2001. A model for asynchronous reactive systems and its application to secure message transmission. Proceedings of the IEEE Symposium on Security and Privacy (S8P’01). 184--200.

[110]

Birgit Pfitzmann and Michael Waidner. 1994. Hildesheimer Informatik-Berichte 11/94, Universitat Hildesheim. Retrieved from http://www.semper.org/sirene/lit.

[111]

Manoj Prabhakaran and Amit Sahai. 2004. New notions of security: Achieving universal composability without trusted setup. IACR Cryptol. ePrint Arch. 2004 (2004), 139.

[112]

Michael O. Rabin. 1981. How to exchange secrets with oblivious transfer. Technical report TR-81, Aiken Computation Laboratory, Harvard University (1981).

[113]

Charles Rackoff and Daniel R. Simon. 1991. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Proceedings of the Annual Cryptology Conference (CRYPTO’91).

[114]

Ransom Richardson and Joe Kilian. 1999. On the concurrent composition of zero-knowledge proofs. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’99).

[115]

Roberto Segala and Nancy A. Lynch. 1994. Probabilistic simulations for probabilistic processes. Nord. J. Comput. 2 (1994), 250--273.

[116]

Victor Shoup. 1999. On formal models for secure key exchange. IACR Cryptol. ePrint Arch. 1999 (1999), 12.

[117]

Michael Sipser. 2013. Introduction to the Theory of Computation, 3rd ed. Cengage Learning Publishing Company.

[118]

Douglas Wikström. 2016. Simplified universal composability framework. In Proceedings of the Theory of Cryptography Conference (TCC’16).

Digital Library

[119]

Douglas Wikström. 2005. On the security of mix-nets and hierarchical group signatures. Ph.D. Thesis, KTH.

[120]

Andrew Chi-Chih Yao. 1982. Protocols for secure computations. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (FOCS’82).

[121]

Andrew Chi-Chih Yao. 1982. Theory and applications of trapdoor functions (extended abstract). In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (FOCS’82). 80--91.

Cited By

Xiao MZhong YLi ZChen F(2024)Formal Analysis of DTLS-SRTP Combined Protocol Based on Logic of EventsApplied Sciences10.3390/app1405180414:5(1804)Online publication date: 22-Feb-2024
https://doi.org/10.3390/app14051804
Santos MMateus PVlachou C(2024)Quantum Universally Composable Oblivious Linear EvaluationQuantum10.22331/q-2024-10-23-15078(1507)Online publication date: 23-Oct-2024
https://doi.org/10.22331/q-2024-10-23-1507
Garay JKiayias ALeonardos N(2024)The Bitcoin Backbone Protocol: Analysis and ApplicationsJournal of the ACM10.1145/365344571:4(1-49)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3653445
Show More Cited By

Index Terms

Universally Composable Security
1. Security and privacy
  1. Formal methods and theory of security
2. Theory of computation
  1. Computational complexity and cryptography
    1. Cryptographic protocols
  2. Models of computation
    1. Concurrency
      1. Distributed computing models
      2. Process calculi

Recommendations

Universally composable contributory group key exchange
ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security

We treat the security of group key exchange (GKE) in the universal composability (UC) framework. Analyzing GKE protocols in the UC framework naturally addresses attacks by malicious insiders. We define an ideal functionality for GKE that captures ...
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01: Proceedings of the 42nd IEEE symposium on Foundations of Computer Science

We propose a new paradigm for defining security of cryptographic protocols, called universally composable security. The salient property of universally composable definitions of security is that they guarantee security even when a secure protocol is ...
Incoercible Multi-party Computation and Universally Composable Receipt-Free Voting
Advances in Cryptology -- CRYPTO 2015
Abstract
Composable notions of incoercibility aim to forbid a coercer from using anything beyond the coerced parties’ inputs and outputs to catch them when they try to deceive him. Existing definitions are restricted to weak coercion types, and/or are not ...

Comments

Information & Contributors

Information

Published In

cover image Journal of the ACM

Journal of the ACM Volume 67, Issue 5

October 2020

274 pages

ISSN:0004-5411

EISSN:1557-735X

DOI:10.1145/3420255

Editor:
Éva Tardos
Cornell University

Issue’s Table of Contents

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 September 2020

Received: 01 October 2017

Published in JACM Volume 67, Issue 5

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

59
Total Citations
View Citations
2,442
Total Downloads

Downloads (Last 12 months)845
Downloads (Last 6 weeks)131

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Xiao MZhong YLi ZChen F(2024)Formal Analysis of DTLS-SRTP Combined Protocol Based on Logic of EventsApplied Sciences10.3390/app1405180414:5(1804)Online publication date: 22-Feb-2024
https://doi.org/10.3390/app14051804
Santos MMateus PVlachou C(2024)Quantum Universally Composable Oblivious Linear EvaluationQuantum10.22331/q-2024-10-23-15078(1507)Online publication date: 23-Oct-2024
https://doi.org/10.22331/q-2024-10-23-1507
Garay JKiayias ALeonardos N(2024)The Bitcoin Backbone Protocol: Analysis and ApplicationsJournal of the ACM10.1145/365344571:4(1-49)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3653445
Miao GWu S(2024)Efficient Privacy-Preserving Logistic Model With Malicious SecurityIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.340231919(5751-5766)Online publication date: 17-May-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3402319
Graf MKüsters RRausch DEgger SBechtold MFlinspach M(2024)Accountable Bulletin Boards: Definition and Provably Secure Implementation2024 IEEE 37th Computer Security Foundations Symposium (CSF)10.1109/CSF61375.2024.00013(201-216)Online publication date: 8-Jul-2024
https://doi.org/10.1109/CSF61375.2024.00013
Wu ZZhang DLi YLi CHan X(2024)PRSD: Efficient protocol for privacy-preserving retrieval of sensitive data based on labeled PSIComputer Networks10.1016/j.comnet.2024.110649251(110649)Online publication date: Sep-2024
https://doi.org/10.1016/j.comnet.2024.110649
Badertscher CMaurer UTschudi DZikas V(2024)Bitcoin as a Transaction Ledger: A Composable TreatmentJournal of Cryptology10.1007/s00145-024-09493-737:2Online publication date: 4-Apr-2024
https://doi.org/10.1007/s00145-024-09493-7
Golenkov AMyshko YNissenbaum ORenev A(2024)Guaranteed Output Delivery with More than 1/3 of Malicious Corruption for Client Server MPC Protocols and ApplicationsAISMA-2024: International Workshop on Advanced Information Security Management and Applications10.1007/978-3-031-72171-7_8(76-88)Online publication date: 16-Oct-2024
https://doi.org/10.1007/978-3-031-72171-7_8
Luo NWeng CSingh JTan GRaykova MPiskac R(2024)Privacy-Preserving Regular Expression Matching Using TNFAComputer Security – ESORICS 202410.1007/978-3-031-70890-9_12(225-246)Online publication date: 16-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-70890-9_12
Ostrovsky B(2024)Privacy-Preserving DijkstraAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68400-5_3(74-110)Online publication date: 16-Aug-2024
https://doi.org/10.1007/978-3-031-68400-5_3
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents