Paper 2022/224

Embedding the UC Model into the IITM Model

Daniel Rausch, Ralf Kuesters, and Céline Chevalier

Abstract

Universal Composability is a widely used concept for the design and analysis of protocols. Since Canetti's original UC model and the model by Pfitzmann and Waidner several different models for universal composability have been proposed, including, for example, the IITM model, GNUC, CC, but also extensions and restrictions of the UC model, such as JUC, GUC, and SUC. These were motivated by the lack of expressivity of existing models, ease of use, or flaws in previous models. Cryptographers choose between these models based on their needs at hand (e.g., support for joint state and global state) or simply their familiarity with a specific model. While all models follow the same basic idea, there are huge conceptually differences, which raises fundamental and practical questions: (How) do the concepts and results proven in one model relate to those in another model? Do the different models and the security notions formulated therein capture the same classes of attacks? Most importantly, can cryptographers re-use results proven in one model in another model, and if so, how? In this paper, we initiate a line of research with the aim to address this lack of understanding, consolidate the space of models, and enable cryptographers to re-use results proven in other models. As a start, here we focus on Canetti's prominent UC model and the IITM model proposed by Kuesters et al. The latter is an interesting candidate for comparison with the UC model since it has been used to analyze a wide variety of protocols, supports a very general protocol class and provides, among others, seamless treatment of protocols with shared state, including joint and global state. Our main technical contribution is an embedding of the UC model into the IITM model showing that all UC protocols, security and composition results carry over to the IITM model. Hence, protocol designers can profit from the features of the IITM model while being able to use all their results proven in the UC model. We also show that, in general, one cannot embed the full IITM model into the UC model.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in Eurocrypt 2022
Keywords
Universal ComposabilityUC ModelIITM Model
Contact author(s)
daniel rausch @ sec uni-stuttgart de
ralf kuesters @ sec uni-stuttgart de
celine chevalier @ ens fr
History
2022-02-25: received
Short URL
https://ia.cr/2022/224
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/224,
      author = {Daniel Rausch and Ralf Kuesters and Céline Chevalier},
      title = {Embedding the UC Model into the IITM Model},
      howpublished = {Cryptology ePrint Archive, Paper 2022/224},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/224}},
      url = {https://eprint.iacr.org/2022/224}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.