You are looking at a specific version 20091206:194455 of this paper. See the latest version.

Paper 2009/247

On the Necessary and Sufficient Assumptions for UC Computation

Ivan Damgård and Jesper Buus Nielsen and Claudio Orlandi

Abstract

We study the necessary and sufficient assumptions for universally composable (UC) computation, both in terms of setup and computational assumptions. We look at the common reference string model, the common random string model and the key-registration authority (KRA) model, and provide new result for all of them. Perhaps most interestingly we show that: - For even the minimal meaningful KRA, where we only assume that the secret key is a value which is hard to compute from the public key, one can UC securely compute any poly-time functionality if there exists a passive secure oblivious-transfer protocol for the stand-alone model. Since a KRA where the secret keys can be computed from the public keys is useless, and some setup assumption is needed for UC secure computation, this establishes the best we could hope for the KRA model: any non-trivial KRA is sufficient for UC computation. - We show that in the KRA model one-way functions are sufficient for UC commitment and UC zero-knowledge. These are the first examples of UC secure protocols for non-trivial tasks which do not assume the existence of public-key primitives. In particular, the protocols show that non-trivial UC computation is possible in Minicrypt.

Metadata
Available format(s)
PDF PS
Category
Foundations
Publication info
Published elsewhere. Full version of a TCC 2010 paper
Keywords
UC securitysetup assumptionspublic-key infrastructurecommon reference string
Contact author(s)
claudio @ cs au dk
History
2009-12-06: last of 3 revisions
2009-05-30: received
See all versions
Short URL
https://ia.cr/2009/247
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.