Paper 2020/1489

On the (Ir)Replaceability of Global Setups, or How (Not) to Use a Global Ledger

Christian Badertscher
Julia Hesse
Vassilis Zikas
Abstract

In universally composable (UC) security, a global setup is intended to capture the ideal behavior of a primitive which is accessible by multiple protocols, allowing them to share state. A representative example is the Bitcoin ledger. Indeed, since Bitcoin (and, more generally, blockchain ledgers) are known to be useful in various scenarios, it has become increasingly popular to capture such ledgers as a global setup. Intuitively, one would expect UC to allow us to make security statements about protocols that use such a global setup, e.g., a global ledger, which can then be automatically translated into the setting where the setup is replaced by a protocol implementing it, such as Bitcoin. We show that the above reasoning is flawed and that such a generic security-preserving replacement can only work under very strong (often unrealistic) conditions on the global setup and the security statement. For example, the UC security of Bitcoin for realizing a ledger proved by Badertscher et al. [CRYPTO'17] is not sufficient per se to allow us to replace the ledger by Bitcoin when used as a global setup. In particular, we cannot expect that all security statements in the global ledger-hybrid world would be preserved when using Bitcoin as a ledger. On the positive side, we provide characterizations of security statements for protocols that make use of global setups, for which the replacement is sound. Our results can be seen as a first guide on how to navigate the very tricky question of what constitutes a "good" global setup and how to use it in order to keep the modular protocol-design approach intact.

Note: Minor revision of presentation of the results

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A minor revision of an IACR publication in TCC 2021
Keywords
Composable Security, Global Setup
Contact author(s)
christian badertscher @ iohk io
jhs @ zurich ibm com
vzikas @ cs purdue edu
History
2022-09-23: last of 3 revisions
2020-11-29: received
Short URL
https://ia.cr/2020/1489
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1489,
      author = {Christian Badertscher and Julia Hesse and Vassilis Zikas},
      title = {On the (Ir)Replaceability of Global Setups, or How (Not) to Use a Global Ledger},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1489},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1489}
}