Can universally composable cryptographic protocols be practical?



Istvan Vajda 1,*

1. Technical University of Budapest, Department of Informatics, Budapest, Hungary

* Corresponding author.


Received: 11 Feb. 2015 / Revised: 12 May 2015 / Accepted: 20 Jul. 2015 / Published: 8 Sep. 2015

Index Terms

Cryptographic protocols, provable security, universal composability


The Universal Composability (UC) framework provides provable security guarantees for harsh application environments, where we want to construct protocols that keep their security guarantees even when they are concurrently composed with an arbitrary number of arbitrary (even hostile) protocols. This is a very strong guarantee. The UC framework inherently supports modular design, which allows secure composition of an arbitrary number of UC-secure components with an arbitrary protocol. In contrast, traditional analysis and design is stand-alone analysis, where the security of a single instance is considered, i.e. an instance that is not in potential interaction with any concurrent instances. Furthermore, a typical traditional analysis is informal, i.e. without a formal proof. In spite of these facts, beyond the task of key exchange this technology has not really caught the attention of the applied cryptography community. From a practitioner's point of view, the UC world may seem more or less an academic interest of theoretical cryptographers.
Accordingly, we take a pragmatic approach in which we concentrate on meaningful compromises between the assumed adversarial strength, ideality wishes and realization complexity, while keeping provable security guarantees within the UC framework. We believe that even modest but provable goals (especially if tunable to application scenarios) are interesting if a wider penetration of UC technology into the daily practice of protocol applications is desired.

Cite This Paper

István Vajda, "Can universally composable cryptographic protocols be practical?", International Journal of Computer Network and Information Security (IJCNIS), vol. 7, no. 10, pp. 23-34, 2015. DOI: 10.5815/ijcnis.2015.10.03

