Universally Composable Security with Global Setup

Ran Canetti
IBM Thomas J. Watson Research Center

Current modeling of security in the presence of globally available set-up
information falls short of providing the expected security guarantees.
A quintessential example for this phenomenon is the {\em deniability}
concern: There exist natural protocols that meet the strongest known
composable security notions, and are still vulnerable to bad
interactions with rogue protocols that use the same set-up.

We extend of the notion of universally composable (UC) security
in a way that re-establishes its original intuitive guarantee even for
protocols that use globally available set-up. The new formulation prevents
bad interactions even with adaptively chosen protocols that use the
same set-up. In particular, it guarantees deniability.
While for protocols that use no set-up the proposed requirements are
the same as in traditional UC security, for protocols that use global
set-up the proposed requirements are significantly stronger.
In fact, realizing Zero Knowledge or commitment becomes provably
impossible even in the Common Reference String model.
Still, we propose reasonable alternative set-up assumptions and protocols
that allow realizing practically any cryptographic task under standard
hardness assumptions.
In the case of non-adaptive party corruptions the protocols are
those of Barak et.al (FOCS'04). For adaptive corruptions new protocols and
new proof techniques are developed.

Joint work with Yevgeniy Dodis, Rafael Pass and Shabsi Walfish.

Audio (MP3 File, Podcast Ready)

Back to Workshop III: Foundations of secure multi-party computation and zero-knowledge and its applications