-
ABSTRACT: The recently proposed universally composable security framework for analyzing security of cryptographic
protocols provides very strong security guarantees. In particular,
a protocol proven secure in this framework is guaranteed to
maintain its security even when run concurrently with arbitrary
other protocols. It has been shown that if a majority of the parties are
honest, then universally composable
protocols exist for essentially any cryptographic task
in the plain model (i.e., with no set-up assumptions beyond that of
authenticated communication).
When honest majority is not guaranteed, general feasibility results are
known only when given a trusted set-up, such as in the common reference string
model. Only little was known regarding the existence of
universally composable protocols in the plain model without
honest majority, and in particular regarding the
important special case of two-party protocols. We study the
feasibility of universally composable two-party function
evaluation in the plain model. Our results show that in this
setting, very few functions can be securely computed in the
framework of universal composability. We demonstrate this by
providing broad impossibility results that apply to large classes
of deterministic and probabilistic functions. For some of these
classes, we also present full characterizations of what can and
cannot be securely realized in the framework of universal
composability. Specifically, our characterizations are for the
classes of deterministic functions in which (a) both parties
receive the same output, (b) only one party receives output, and
(c) only one party has input.
Journal of Cryptology 03/2006; 19(2):135-167. · 1.25 Impact Factor
-
Advances in Cryptology - CRYPTO 2006, 26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 2006, Proceedings; 01/2006
-
ABSTRACT: We propose and realize a definition of security for password-based key exchange within the framework of universally composable
(UC) security, thus providing security guarantees under arbitrary composition with other protocols. In addition, our definition
captures some aspects of the problem that were not adequately addressed by most prior notions. For instance, it does not assume
any underlying probability distribution on passwords, nor does it assume independence between passwords chosen by different
parties. We also formulate a definition of password-based secure channels, and show that such a definition is achievable given
password-based key exchange.
Our protocol realizing the new definition of password-based key exchange is in the common reference string model and relies
on standard number-theoretic assumptions. The components of our protocol can be instantiated to give a relatively efficient
solution which is conceivably usable in practice. We also show that it is impossible to satisfy our definition in the “plain”
model (e.g., without a common reference string).
05/2005: pages 557-557;
-
IACR Cryptology ePrint Archive. 01/2005; 2005:196.
-
Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings; 01/2005
-
ABSTRACT: The recently proposed universally composable (UC) security framework for analyzing security of cryptographic protocols provides very strong security guarantees. In particular, a protocol proven secure in this framework is guaranteed to maintain its security even when run concurrently with arbitrary other protocols. It has been shown that if a majority of the parties are honest, then universally composable protocols exist for essentially any cryptographic task in the plain model (i.e., with no setup assumptions beyond that of authenticated communication). When honest majority is not guaranteed, general feasibility results are known only given trusted set-up, such as in the common reference string model. Only little was known regarding the existence of universally composable protocols in the plain model without honest majority, and in particular regarding the important special case of two-party protocols.
06/2004;
-
ABSTRACT: We show how to securely realize any two-party and multi-party functionality in a universally composable way, regardless of the number of corrupted participants. That is, we consider an asynchronous multi-party network with open communication and an adversary that can adaptively corrupt as many parties as it wishes. In this setting, our protocols allow any subset of the parties (with pairs of parties being a special case) to securely realize any desired functionality of their local inputs, and be guaranteed that security is preserved regardless of the activity in the rest of the network. This implies that security is preserved under concurrent composition of an unbounded number of protocol executions, it implies non-malleability with respect to arbitrary protocols, and more. Our constructions are in the common reference string model and rely on standard intractability assumptions.
08/2003;
-
Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, May 4-8, 2003, Proceedings; 01/2003
-
ABSTRACT: The recently proposed universally composable (UC) security framework, for analyzing security of cryptographic protocols, provides very strong security guarantees. In particular, a
protocol proven secure in this framework is guaranteed to maintain its security even when deployed in arbitrary multi-party,
multi-protocol, multi-execution environments.
Protocols for securely carrying out essentially any cryptographic task in a universally composable way exist, both in the
case of an honest majority (in the plain model, i.e., without set-up assumptions) and in the case of no honest majority (in
the common reference string model). However, in the plain model, little was known for the case of no honest majority and,
in particular, for the important special case of two-party protocols.
We study the feasibility of universally composable two-party function evaluation in the plain model. Our results show that very few functions can be computed in this model so as to provide the UC security
guarantees. Specifically, for the case of deterministic functions, we provide a full characterization of the functions computable in this model. (Essentially, these are the functions
that depend on at most one of the parties’ inputs, and furthermore are “efficiently invertible” in a sense defined within.)
For the case of probabilistic functions, we show that the only functions computable in this model are those where one of the parties can essentially uniquely
determine the joint output.
12/2002: pages 646-646;