Paper 2000/067
Universally Composable Security: A New Paradigm for Cryptographic Protocols
Ran Canetti
Abstract
We propose a new paradigm for defining security of cryptographic protocols, called universally composable security. The salient property of universally composable definitions of security is that they guarantee security even when a secure protocol is composed with an arbitrary set of protocols, or more generally when the protocol is used as a component of an arbitrary system. This is an essential property for maintaining security of cryptographic protocols in complex and unpredictable environments such as the Internet. In particular, universally composable definitions guarantee security even when an unbounded number of protocol instances are executed concurrently in an adversarially controlled manner, they guarantee non-malleability with respect to arbitrary protocols, and more. We show how to formulate universally composable definitions of security for practically any cryptographic task. Furthermore, we demonstrate that practically any such definition can be realized using known general techniques, as long as only a minority of the participants are corrupted. We then proceed to formulate universally composable definitions of a wide array of cryptographic tasks, including authenticated and secure communication, key-exchange, public-key encryption, signature, commitment, oblivious transfer, zero-knowledge, and more. We also make initial steps towards studying the realizability of the proposed definitions in other natural settings.
Note: This is a new and updated version, containing more results and (hopefully) better explanations and discussions.
Metadata
- Available format(s): PS
- Category: Foundations
- Publication info: Published elsewhere. Extended Abstract appeared in proceedings of the 42nd Symposium on Foundations of Computer Science (FOCS), 2001. Previous version was entitled "A unified framework for analyzing security of protocols".
- Keywords: cryptographic protocols, security analysis of protocols, concurrent composition
- Contact author(s): canetti @ watson ibm com
- History
  - 2020-02-12: last of 15 revisions
  - 2000-12-23: received
- Short URL: https://ia.cr/2000/067
- License: CC BY