Cryptology ePrint Archive: Report 2011/355

On the (Non-)Equivalence of UC Security Notions

Oana Ciobotaru

Abstract: Over the years, various security notions have been proposed in order to cope with a wide range of security scenarios. Recently, the study of security notions has been extended towards comparing cryptographic definitions of secure implementation with game-theoretic definitions of universal implementation of a trusted mediator. In this work we go a step further: We define the notion of game universal implementation and we show it is equivalent to weak stand-alone security. Thus, we are able to answer positively the open question from [Halpern&Pass2010] regarding the existence of game-theoretic definitions that are equivalent to cryptographic security notions for which the ideal world simulator does not depend on both the distinguisher and the input distribution.

Moreover, we investigate the propagation of the weak stand-alone security notion through the existing security hierarchy, from stand-alone to universal composability. Our main achievement in this direction is a separation result between two variants of the UC security definition: 1-bit specialized simulator UC security and specialized simulator UC security. This solves an open question from [Lindell03] and comes in contrast with the well known equivalence result between 1-bit UC security and UC security. We also show that weak security under 1-bounded concurrent general composition is equivalent to 1-bit specialized simulator UC security. As a consequence, we obtain that the notion of weak stand-alone security and the notion of stand-alone security are not equivalent.

Category / Keywords: security models; UC security; time-lock puzzles; game theory

Date: received 1 Jul 2011, last revised 10 May 2012

Contact author: ociobota at mpi-inf mpg de

Available format(s): PDF | BibTeX Citation

Note: Minor style and other corrections.

Version: 20120510:112552 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]