Paper 2021/1218

Algebraic Adversaries in the Universal Composability Framework

Michel Abdalla, Manuel Barbosa, Jonathan Katz, Julian Loss, and Jiayu Xu


The algebraic-group model (AGM), which lies between the generic group model and the standard model of computation, provides a means by which to analyze the security of cryptosystems against so-called algebraic adversaries. We formalize the AGM within the framework of universal composability, providing formal definitions for this setting and proving an appropriate composition theorem. This extends the applicability of the AGM to more-complex protocols, and lays the foundations for analyzing algebraic adversaries in a composable~fashion. Our results also clarify the meaning of composing proofs in the AGM with other proofs and they highlight a natural form of independence between idealized groups that seems inherent to the AGM and has not been made formal before---these insights also apply to the composition of game-based proofs in the AGM. We show the utility of our model by proving several important protocols universally composable for algebraic adversaries, specifically: (1) the Chou-Orlandi protocol for oblivious transfer, and (2) the SPAKE2 and CPace protocols for password-based authenticated key exchange.

Note: Minor clarification in CO proof.

Available format(s)
Publication info
A minor revision of an IACR publication in Asiacrypt 2021
Universal ComposabilityAlgebraic Group Model
Contact author(s)
mbb @ fc up pt
2021-12-04: last of 9 revisions
2021-09-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Michel Abdalla and Manuel Barbosa and Jonathan Katz and Julian Loss and Jiayu Xu},
      title = {Algebraic Adversaries in the Universal Composability Framework},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1218},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.