Universally Composable Protocols with Relaxed Set-Up Assumptions

Barak, Boaz; Canetti, Ran; Nielsen, Jesper Buus; Pass, Rafael

doi:10.1109/focs.2004.71

Cited by 120 publications

(176 citation statements)

References 18 publications

Supporting

Mentioning

175

Contrasting

Order By: Relevance

“…Following the work of [49], the task of constructing UC secure protocols from any setup assumption reduces to the task of constructing a UC-puzzle in the hybrid model of the corresponding setup. 6 We obtain our positive result by following the same route. Specifically, we construct a "family of UC-puzzles" in the G wrap -hybrid model.…”

Section: Uc With Leaky Tokensmentioning

confidence: 63%

“…In order to obtain our positive result, we build on the recent work of Lin et al [49] which puts forward a unified framework for designing UC secure protocols from known setup assumptions [12,13,43,6]. Lin et al observe that a general technique for constructing UC secure protocols is to have the simulator obtain a "trapdoor string" which is hard to compute for the adversary.…”

Section: Uc With Leaky Tokensmentioning

confidence: 99%

See 1 more Smart Citation

Leakage-Resilient Zero Knowledge

Garg

Jain

Sahai

2011

Advances in Cryptology – CRYPTO 2011

View full text Add to dashboard Cite

Abstract. In this paper, we initiate a study of zero knowledge proof systems in the presence of side-channel attacks. Specifically, we consider a setting where a cheating verifier is allowed to obtain arbitrary bounded leakage on the entire state (including the witness and the random coins) of the prover during the entire protocol execution. We formalize a meaningful definition of leakage-resilient zero knowledge (LR-ZK) proof system, that intuitively guarantees that the protocol does not yield anything beyond the validity of the statement and the leakage obtained by the verifier.We give a construction of LR-ZK interactive proof system based on standard general assumptions. To the best of our knowledge, this is the first instance of a cryptographic interactive protocol where the adversary is allowed to perform leakage attacks during the protocol execution on the entire state of honest party (in contrast, prior work only considered leakage prior to the protocol execution, or very limited leakage during the protocol execution). Next, we give an LR-NIZK proof system based on standard number-theoretic assumptions.Finally, we demonstrate the usefulness of our notions by giving two concrete applications:-We initiate a new line of research to relax the assumption on the "tamper-proofness" of hardware tokens used in the design of various cryptographic protocols. In particular, we give a construction of a universally composable multiparty computation protocol in the leaky token model (where an adversary in possession of a token is allowed to obtain arbitrary bounded leakage on the entire state of the token) based on standard general assumptions. -Next, we give simple, generic constructions of fully leakage-resilient signatures in the bounded leakage model as well as the continual leakage model. Unlike the recent constructions of such schemes, we also obtain security in the "noisy leakage" model.

show abstract

Section: Uc With Leaky Tokensmentioning

confidence: 63%

Section: Uc With Leaky Tokensmentioning

confidence: 99%

Leakage-Resilient Zero Knowledge

Garg

Jain

Sahai

2011

Advances in Cryptology – CRYPTO 2011

View full text Add to dashboard Cite

show abstract

“…Unfortunately, most interesting cryptographic tasks are impossible to realize in the "plain" UC framework when an honest majority cannot be assumed and, in particular, in the setting of twoparty computation [9,10,44]. This negative result has motivated researchers to explore various extensions/variants of the plain UC framework in which secure computation can be achieved [8], with notable examples being the assumption of a common reference string (CRS) [7,9,11] or a public-key infrastructure [7,4]. In the real world, implementing either of these approaches seems to require the existence of some trusted entity that parties agree to use (though see [12] for some ideas on using a naturally occurring high-entropy source in place of a CRS).…”

Section: Introductionmentioning

confidence: 99%

(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens

et al. 2018

View full text Add to dashboard Cite

We continue the line of work initiated by Katz (Eurocrypt 2007) on using tamper-proof hardware tokens for universally composable secure computation. As our main result, we show an oblivious-transfer (OT) protocol in which two parties each create and transfer a single, stateless token and can then run an unbounded number of OTs. We also show a more efficient protocol, based only on standard symmetric-key primitives (block ciphers and collision-resistant hash functions), that can be used if a bounded number of OTs suffice.Motivated by this result, we investigate the number of stateless tokens needed for universally composable OT. We prove that our protocol is optimal in this regard for constructions making black-box use of the tokens (in a sense we define). We also show that nonblack-box techniques can be used to obtain a construction using only a single stateless token.

show abstract

“…In [10] it was shown that given a CRS, any functionality has a UC secure realisation. Furthermore, in [1] it was shown that the same holds for a PKI. 14 However, given a ZK functionality, commitments can be realised even with respect to long-term UC.…”

Section: Commitmentmentioning

confidence: 79%

“…First, we see that if prover and verifier are both honest, the verifier will always accept. This is due to the fact that for a Blum-integer n, a random residue is a square with probability at least 1 4 . Now we consider the case that the verifier is corrupted.…”

Section: Theorem 3 (Zk For Blum-integers Using Coin Toss) Assume Thamentioning

confidence: 99%

Long-Term Security and Universal Composability

Müller-Quade

Unruh

Theory of Cryptography

View full text Add to dashboard Cite

Abstract. Algorithmic progress and future technology threaten today's cryptographic protocols. Long-term secure protocols should not even in future reveal more information to a-then possibly unlimited-adversary.In this work we initiate the study of protocols which are long-term secure and universally composable. We show that the usual set-up assumptions used for UC protocols (e.g., a common reference string) are not sufficient to achieve long-term secure and composable protocols for commitments or general zero knowledge arguments. Surprisingly, nontrivial zero knowledge protocols are possible based on a coin tossing functionality: We give a long-term secure composable zero knowledge protocol proving the knowledge of the factorisation of a Blum integer.Furthermore we give practical alternatives (e.g., signature cards) to the usual setup-assumptions and show that these allow to implement the important primitives commitment and zero-knowledge argument.

show abstract

Universally Composable Protocols with Relaxed Set-Up Assumptions

Cited by 120 publications

References 18 publications

Leakage-Resilient Zero Knowledge

Leakage-Resilient Zero Knowledge

(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens

Long-Term Security and Universal Composability

Contact Info

Product

Resources

About