TY - GEN
T1 - Obtaining universally compoable security
T2 - 13th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2007
AU - Canetti, Ran
PY - 2007
Y1 - 2007
N2 - A desirable goal for cryptographic protocols is to guarantee security when the protocol is composed with other protocol instances. Universally Composable (UC) security provides this guarantee in a strong sense: A UC-secure protocol maintains its security properties even when composed concurrently with an unbounded number of instances of arbitrary protocols. However, many interesting cryptographic tasks are provably impossible to realize with UC security, unless some trusted set-up is assumed. Impossibility holds even if ideally authenticated communication channels are provided. This survey examines and compares a number of set-up assumptions (models) that were recently demonstrated to suffice for constructing UC-secure protocols that realize practically any cryptographic task. We start with the common reference string (CRS) and key registration (KR) models. We then proceed to the "sunspot" models, which allow for some adversarial control over the set-up, a number of models which better captures set-up that is globally available in the system, and a timing assumption. Finally, we briefly touch upon set-up models for obtaining authenticated communication.
AB - A desirable goal for cryptographic protocols is to guarantee security when the protocol is composed with other protocol instances. Universally Composable (UC) security provides this guarantee in a strong sense: A UC-secure protocol maintains its security properties even when composed concurrently with an unbounded number of instances of arbitrary protocols. However, many interesting cryptographic tasks are provably impossible to realize with UC security, unless some trusted set-up is assumed. Impossibility holds even if ideally authenticated communication channels are provided. This survey examines and compares a number of set-up assumptions (models) that were recently demonstrated to suffice for constructing UC-secure protocols that realize practically any cryptographic task. We start with the common reference string (CRS) and key registration (KR) models. We then proceed to the "sunspot" models, which allow for some adversarial control over the set-up, a number of models which better captures set-up that is globally available in the system, and a timing assumption. Finally, we briefly touch upon set-up models for obtaining authenticated communication.
UR - http://www.scopus.com/inward/record.url?scp=38149072386&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-76900-2_6
DO - 10.1007/978-3-540-76900-2_6
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:38149072386
SN - 9783540768999
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 88
EP - 112
BT - Advances in Cryptology - ASIACRYPT 2007 - 13th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
PB - Springer Verlag
Y2 - 2 December 2007 through 6 December 2007
ER -