In this paper we address this problem, by introducing a general methodology for the sound specification of ideal functionalities. First, we introduce the class of {\em canonical} ideal functionalities for a cryptographic task, which unifies the syntactic specification of a large class of cryptographic tasks under the same basic template functionality. % Furthermore, this representation enables the isolation of the individual properties of a cryptographic task as separate members of the corresponding class. By endowing the class of canonical functionalities with an algebraic structure we are able to combine basic functionalities to a single final canonical functionality for a given task. Effectively, this puts forth a bottom-up approach for the specification of ideal functionalities: first one defines a set of basic constituent functionalities for the task at hand, and then combines them into a single ideal functionality taking advantage of the algebraic structure.
In our framework, the constituent functionalities of a task can be derived either directly or, following a translation strategy we introduce, from existing game-based definitions; such definitions have in many cases captured desired individual properties of cryptographic tasks, albeit in less adversarial settings. Our translation methodology entails a sequence of steps that systematically derive a corresponding canonical functionality given a game-based definition, effectively ``lifting'' the game-based definition to its composition-safe version.
We showcase our methodology by applying it to a variety of basic cryptographic tasks, including commitments, digital signatures, zero-knowledge proofs, and oblivious transfer. While in some cases our derived canonical functionalities are equivalent to existing formulations, thus attesting to the validity of our approach, in others they differ, enabling us to ``debug'' previous definitions and pinpoint their shortcomings.
Category / Keywords: cryptographic protocols / universal composability, security definitions, lattices and partial orders Date: received 24 Mar 2008, last revised 12 Mar 2010 Contact author: hszhou at cse uconn edu Available format(s): PDF | BibTeX Citation Version: 20100312:155441 (All versions of this report) Short URL: ia.cr/2008/132