Paper 2016/034

Universal Composition with Responsive Environments

Jan Camenisch, Robert R. Enderlein, Stephan Krenn, Ralf Kuesters, and Daniel Rausch


In universal composability frameworks, adversaries (or environments) and protocols/ideal functionalities often have to exchange meta-information on the network interface, such as algorithms, keys, signatures, ciphertexts, signaling information, and corruption-related messages. For these purely modeling-related messages, which do not reflect actual network communication, it would often be very reasonable and natural for adversaries/environments to provide the requested information immediately or give control back to the protocol/functionality immediately after having received some information. However, in none of the existing models for universal composability is this guaranteed. We call this the \emph{non-responsiveness problem}. As we will discuss in the paper, while formally non-responsiveness does not invalidate any of the universal composability models, it has many disadvantages, such as unnecessarily complex specifications and less expressivity. Also, this problem has often been ignored in the literature, leading to ill-defined and flawed specifications. Protocol designers really should not have to care about this problem at all, but currently they have to: giving the adversary/environment the option to not respond immediately to modeling-related requests does not translate to any real attack scenario. This paper solves the non-responsiveness problem and its negative consequences completely, by avoiding this artificial modeling problem altogether. We propose the new concepts of responsive environments and adversaries. Such environments and adversaries must provide a valid response to modeling-related requests before any other protocol/functionality is activated. Hence, protocol designers do no longer have to worry about artifacts resulting from such requests not being answered promptly. Our concepts apply to all existing models for universal composability, as exemplified for the UC, GNUC, and IITM models, with full definitions and proofs (simulation relations, transitivity, equivalence of various simulation notions, and composition theorems) provided for the IITM model.

Note: Editorial changes only. This is the full version of the ASIACRYPT 2016 paper.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.ASIACRYPT 2016
universal composabilityprotocol designcryptographic security proofsresponsive environments
Contact author(s)
kuesters @ uni-trier de
2016-09-08: last of 2 revisions
2016-01-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and Robert R.  Enderlein and Stephan Krenn and Ralf Kuesters and Daniel Rausch},
      title = {Universal Composition with Responsive Environments},
      howpublished = {Cryptology ePrint Archive, Paper 2016/034},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.