Cryptology ePrint Archive: Report 2016/1043

Concurrently Composable Security With Shielded Super-polynomial Simulators

Brandon Broadnax and Nico Döttling and Gunnar Hartung and Jörn Müller-Quade and Matthias Nagel

Abstract: We propose a new framework for concurrently composable security that relaxes the security notion of UC security. As in previous frameworks, our notion is based on the idea of providing the simulator with super-polynomial resources. However, in our new framework simulators are only given restricted access to the results computed in super-polynomial time. This is done by modeling the super-polynomial resource as a stateful oracle that may directly interact with a functionality without the simulator seeing the communication. We call these oracles shielded oracles.

Our notion is fully compatible with the UC framework, i.e., protocols proven secure in the UC framework remain secure in our framework. Furthermore, our notion lies strictly between SPS and Angel-based security, while being closed under protocol composition.

Shielding away super-polynomial resources allows us to apply new proof techniques where we can replace super-polynomial entities by indistinguishable polynomially bounded entities. This allows us to construct secure protocols in the plain model using weaker primitives than in previous composable frameworks involving simulators with super-poly resources. In particular, we only use non-adaptive-CCA-secure commitments as a building block in our constructions. As a feasibility result, we present a constant-round general MPC protocol in the plain model based on standard assumptions that is secure in our framework.

Category / Keywords: foundations / universal composability, protocol design, cryptographic security proofs

Date: received 4 Nov 2016, last revised 7 Nov 2016

Contact author: matthias nagel at kit edu

Note: Fixed typos and minor changes in wording to clarify some details. In the previous version the parallel, non-adaptive CCA oracle was called by different names and is now called non-adaptive CCA oracle (hopefully) everywhere to avoid confusion of the reader.

Version: 20161107:082834
