Cryptology ePrint Archive: Report 2007/475
Obtaining Universally Composable Security: Towards the Bare Bones of Trust
Abstract: A desirable goal for cryptographic protocols is to guarantee security
when the protocol is composed with other protocol instances. Universally Composable (UC) security provides this guarantee in a strong sense: A UC-secure protocol maintains its security properties even when composed concurrently with an unbounded number of instances of arbitrary protocols. However, many interesting cryptographic tasks are provably impossible to realize with UC security in the standard, ``plain'' model of computation. Impossibility holds even if ideally authenticated communication channels are provided. In contrast, it has been demonstrated that general secure computation can be obtained in a number of idealized models. Each one of these models represents a form of trust that is put in some of the system's components.
This survey examines and compares some of these trust models, both
from the point of view of their sufficiency for building UC secure
protocols, and from the point of view of their practical realizability. We start with the common reference string (CRS) model, and then describe several relaxations and alternatives including the Defective CRS model, the key registration models, the hardware token model, the global and augmented CRS models, and a timing assumption.
Finally, we briefly touch upon trust models for obtaining
Category / Keywords: cryptographic protocols / protocol composition, universal composition, trust assumptions, survey
Publication Info: This is an updated version of a survey that appears in the proceedings of Asiacrypt 2007.
Date: received 18 Dec 2007, last revised 18 Dec 2007
Contact author: canetti at csail mit edu
Available formats: PDF | BibTeX Citation
Version: 20071219:141623 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]