Paper 2019/065

Multi-Protocol UC and its Use for Building Modular and Efficient Protocols

Jan Camenisch, Manu Drijvers, and Björn Tackmann


We want to design and analyze protocols in a modular way by combining idealized components that we realize individually. While this is in principle possible using security frameworks that provide generic composition theorems, we notice that actually applying this methodology in practical protocols is far from trivial and, worse, is sometimes not even possible. As an example, we use a natural combination of zero-knowledge proofs with signature and commitment schemes, where the goal is to have a party prove in zero-knowledge that it knows a signature on a committed message, i.e., prove knowledge of a witness to a statement involving algorithms of the signature and commitment scheme. We notice that, unfortunately, the composition theorem of the widely used UC framework does not allow one to modularly prove the security of this example protocol. We then describe a new variant of the UC framework, multi-protocol UC, and show a composition theorem that generalizes the one from the standard framework. We use this new framework to provide a modular analysis of a practical protocol that follows the above structure and is based on discrete-logarithm-based primitives. Besides the individual security proofs of the protocol components, we also describe a new methodology for idealizing them as components that can then be composed.

Publication info
Preprint. MINOR revision.
Contact author(s)
jan @ dfinity org
manu @ dfinity org
bta @ zurich ibm com
2019-01-25: received
Creative Commons Attribution


      author = {Jan Camenisch and Manu Drijvers and Björn Tackmann},
      title = {Multi-Protocol UC and its Use for Building Modular and Efficient Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2019/065},
      year = {2019},
      note = {\url{}},
      url = {}