Adaptive hardness and composable security in the plain model from standard assumptions

Research output: Contribution to journalArticlepeer-review


We construct the first general secure computation protocols that require no trusted infrastructure other than authenticated communication, and that satisfy a meaningful notion of security that is preserved under universal composition - assuming only the existence of enhanced trapdoor permutations. The notion of security fits within a generalization of the "angel-based" framework of Prabhakaran and Sahai [STOC'04, ACM, New York, 2004, pp. 242-251] and implies superpolynomialtime simulation security. Security notions of this kind are currently known to be realizable only under strong and specific hardness assumptions. A key element in our construction is a commitment scheme that satisfies a new and strong notion of security. The notion, security against chosen-commitment attacks (CCA security), means that security holds even if the attacker has access to an extraction oracle that gives the adversary decommitment information to commitments of the adversary's choice. This notion is stronger than concurrent nonmalleability and is of independent interest. We construct CCA-secure commitments based on standard one-way functions, and with no trusted setup. To the best of our knowledge, this provides the first construction of a natural cryptographic primitive having adaptive hardness from standard hardness assumptions, using no trusted setup or public keys.

Original languageEnglish
Pages (from-to)1793-1834
Number of pages42
JournalSIAM Journal on Computing
Issue number5
StatePublished - 2016


  • Adaptive hardness
  • Composable security
  • Cryptography
  • Secure multiparty computation


Dive into the research topics of 'Adaptive hardness and composable security in the plain model from standard assumptions'. Together they form a unique fingerprint.

Cite this