Paper 2007/475

Obtaining Universally Composable Security: Towards the Bare Bones of Trust

Ran Canetti


A desirable goal for cryptographic protocols is to guarantee security when the protocol is composed with other protocol instances. Universally Composable (UC) security provides this guarantee in a strong sense: A UC-secure protocol maintains its security properties even when composed concurrently with an unbounded number of instances of arbitrary protocols. However, many interesting cryptographic tasks are provably impossible to realize with UC security in the standard, ``plain'' model of computation. Impossibility holds even if ideally authenticated communication channels are provided. In contrast, it has been demonstrated that general secure computation can be obtained in a number of idealized models. Each one of these models represents a form of trust that is put in some of the system's components. This survey examines and compares some of these trust models, both from the point of view of their sufficiency for building UC secure protocols, and from the point of view of their practical realizability. We start with the common reference string (CRS) model, and then describe several relaxations and alternatives including the Defective CRS model, the key registration models, the hardware token model, the global and augmented CRS models, and a timing assumption. Finally, we briefly touch upon trust models for obtaining authenticated communication.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. This is an updated version of a survey that appears in the proceedings of Asiacrypt 2007.
protocol compositionuniversal compositiontrust assumptionssurvey
Contact author(s)
canetti @ csail mit edu
2007-12-19: received
Short URL
Creative Commons Attribution


      author = {Ran Canetti},
      title = {Obtaining Universally Composable Security: Towards the Bare Bones of Trust},
      howpublished = {Cryptology ePrint Archive, Paper 2007/475},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.