Paper 2019/065
Multi-Protocol UC and its Use for Building Modular and Efficient Protocols
Jan Camenisch, Manu Drijvers, and Björn Tackmann
Abstract
We want to design and analyze protocols in a modular way by combining idealized components that we realize individually. While this is in principle possible using security frameworks that provide generic composition theorems, we notice that actually applying this methodology in practical protocols is far from trivial and, worse, is sometimes not even possible. As an example, we use a natural combination of zero-knowledge proofs with signature and commitment schemes, where the goal is to have a party prove in zero-knowledge that it knows a signature on a committed message, i.e., prove knowledge of a witness to a statement involving algorithms of the signature and commitment scheme. We notice that, unfortunately, the composition theorem of the widely used UC framework does not allow one to modularly prove the security of this example protocol. We then describe a new variant of the UC framework, multi-protocol UC, and show a composition theorem that generalizes the one from the standard framework. We use this new framework to provide a modular analysis of a practical protocol that follows the above structure and is based on discrete-logarithm-based primitives. Besides the individual security proofs of the protocol components, we also describe a new methodology for idealizing them as components that can then be composed.
Metadata
- Available format(s)
- Publication info: Preprint. MINOR revision.
- Contact author(s):
  - jan @ dfinity org
  - manu @ dfinity org
  - bta @ zurich ibm com
- History: 2019-01-25: received
- Short URL: https://ia.cr/2019/065
- License: CC BY
BibTeX
@misc{cryptoeprint:2019/065,
  author = {Jan Camenisch and Manu Drijvers and Björn Tackmann},
  title = {Multi-Protocol {UC} and its Use for Building Modular and Efficient Protocols},
  howpublished = {Cryptology {ePrint} Archive, Paper 2019/065},
  year = {2019},
  url = {https://eprint.iacr.org/2019/065}
}