Cryptology ePrint Archive: Report 2019/065

Multi-Protocol UC and its Use for Building Modular and Efficient Protocols

Jan Camenisch and Manu Drijvers and Björn Tackmann

Abstract: We want to design and analyze protocols in a modular way by combining idealized components that we realize individually. While this is in principle possible using security frameworks that provide generic composition theorems, we notice that actually applying this methodology in practical protocols is far from trivial and, worse, is sometimes not even possible. As an example, we use a natural combination of zero-knowledge proofs with signature and commitment schemes, where the goal is to have a party prove in zero-knowledge that it knows a signature on a committed message, i.e., prove knowledge of a witness to a statement involving algorithms of the signature and commitment scheme. We notice that, unfortunately, the composition theorem of the widely used UC framework does not allow one to modularly prove the security of this example protocol. We then describe a new variant of the UC framework, multi-protocol UC, and show a composition theorem that generalizes the one from the standard framework. We use this new framework to provide a modular analysis of a practical protocol that follows the above structure and is based on discrete-logarithm-based primitives. Besides the individual security proofs of the protocol components, we also describe a new methodology for idealizing them as components that can then be composed.

Date: received 19 Jan 2019

Contact author: jan at dfinity org, manu@dfinity org, bta@zurich ibm com

Version: 20190125:220045

Short URL: ia.cr/2019/065
