TY - GEN
T1 - Practical UC security with a global random oracle
AU - Canetti, Ran
AU - Jain, Abhishek
AU - Scafuro, Alessandra
PY - 2014/11/3
Y1 - 2014/11/3
N2 - Contrary to prior belief, we show that there exist commitment, zero-knowledge and general function evaluation protocols with universally composable security, in a model where all parties and all protocols have access to a single, global, random oracle and no other trusted setup. This model provides significantly stronger composable security guarantees than the traditional random oracle model of Bellare and Rogaway [CCS'93] or even the common reference string model. Indeed, these latter models provide no security guarantees in the presence of arbitrary protocols that use the same random oracle (or reference string or hash function). Furthermore, our protocols are highly efficient. Specifically, in the interactive setting, our commitment and general computation protocols are much more efficient than the best known ones due to Lindell [Crypto'11,'13] which are secure in the common reference string model. In the non-interactive setting, our protocols are slightly less efficient than the best known ones presented by Afshar et al. [Eurocrypt '14] but do away with the need to rely on a non-global (programmable) reference string.
AB - Contrary to prior belief, we show that there exist commitment, zero-knowledge and general function evaluation protocols with universally composable security, in a model where all parties and all protocols have access to a single, global, random oracle and no other trusted setup. This model provides significantly stronger composable security guarantees than the traditional random oracle model of Bellare and Rogaway [CCS'93] or even the common reference string model. Indeed, these latter models provide no security guarantees in the presence of arbitrary protocols that use the same random oracle (or reference string or hash function). Furthermore, our protocols are highly efficient. Specifically, in the interactive setting, our commitment and general computation protocols are much more efficient than the best known ones due to Lindell [Crypto'11,'13] which are secure in the common reference string model. In the non-interactive setting, our protocols are slightly less efficient than the best known ones presented by Afshar et al. [Eurocrypt '14] but do away with the need to rely on a non-global (programmable) reference string.
KW - Global random oracle model
KW - Secure computation
KW - Universal composition
UR - http://www.scopus.com/inward/record.url?scp=84910667818&partnerID=8YFLogxK
U2 - 10.1145/2660267.2660374
DO - 10.1145/2660267.2660374
M3 - Conference contribution
AN - SCOPUS:84910667818
SN - 9781450329576
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 597
EP - 608
BT - Proceedings of the ACM Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014
Y2 - 3 November 2014 through 7 November 2014
ER -