A Unified Approach to Constructing Black-Box UC Protocols in Trusted Setup Models



NTT Secure Platform Laboratories, Tokyo, Japan; University of California, Santa Barbara, CA, USA; University of Rochester, Rochester, NY, USA

Abstract. We present a unified framework for obtaining black-box constructions of Universally Composable (UC) protocols in trusted setup models. Our result is analogous to the unified framework of Lin, Pass, and Venkitasubramaniam [STOC’09, Asiacrypt’12] that, however, only yields non-black-box constructions of UC protocols. Our unified framework shows that to obtain black-box constructions of UC protocols, it suffices to implement a special purpose commitment scheme that is, in particular, concurrently extractable using a given trusted setup. Using our framework, we improve black-box constructions in the common reference string and tamper-proof hardware token models by weakening the underlying computational and setup assumptions.

1 Introduction

© International Association for Cryptologic Research 2017. Y. Kalai and L. Reyzin (Eds.): TCC 2017, Part I, LNCS 10677, pp. 776–809, 2017. https://doi.org/10.1007/978-3-319-70500-2_26

Secure multi-party computation (MPC) protocols enable a set of $m$ mutually distrustful parties with private inputs $x_1, \cdots, x_m$ to jointly compute a function $f$, learn the output $f(x_1, \cdots, x_m)$ and nothing else. In the classical stand-alone setting, the security of MPC protocols is analyzed for a single instance of a protocol running in isolation. However, such analysis falls short of guaranteeing security in more realistic, concurrent settings, where multiple instances of different protocols co-exist and are subject to coordinated attacks. To address this, Canetti formulated the Universally Composable (UC) framework [1] for reasoning about the security of protocols in arbitrary execution environments that dynamically interact with the analyzed protocol. The UC framework formulates the most stringent and realistic model of protocol execution so far, and provides a strong composability property (known as the universal composition theorem): protocols shown secure in the UC framework remain secure when executed concurrently within an arbitrary larger complex system. Unfortunately, these strong properties come at a price: many natural functionalities cannot be realized with UC security in the plain model, where the only setup provided is authenticated communication channels; some additional trusted setup is necessary [2,3]. Following Canetti and Fischlin [2], Canetti et al. [4] demonstrated the feasibility of UC-secure protocols realizing general functionalities in the Common Reference String (CRS) model, where a trusted entity samples a single CRS from a prescribed distribution that can be referenced by all executions of the designed protocol. Since its conception, a long line of work has focused on designing UC-secure protocols under various trusted setups, from CRS, to public key infrastructure, to tam