This is the first paper to study protocols which are simultaneously long-term secure and universally composable. We show that the usual set-up assumptions used for UC protocols (e.g., a common reference string) are not sufficient to achieve long-term secure and composable protocols for commitments or zero-knowledge protocols.
We give practical alternatives (e.g., signature cards) to these usual setup-assumptions and show that these enable the implementation of the important primitives commitment and zero-knowledge protocols.Category / Keywords: Universal Composability, long-term security, zero-knowledge, commitment schemes Publication Info: To appear in the Journal of Cryptology Date: received 16 Nov 2006, last revised 28 Apr 2010 Contact author: unruh at mmci uni-saarland de Available formats: PDF | BibTeX Citation Note: Original version 2006-11-19.
Revised 2007-01-27: Incorporated TCC referee comments.
Revised 2009-08-10: Strongly extended and (hopefully) improved version. (Thanks to Oded Goldreich for many comments.)
Revised 2010-04-28: Many corrections and improvements. Also contains an additional section on generalising the notion of long-term revealing functionalities. (Thanks to the reviewers of the Journal of Cryptology for comments.)Version: 20100428:095039 (All versions of this report) Discussion forum: Show discussion | Start new discussion