Universally composable security: A new paradigm for cryptographic protocols

R. Canetti*

*Corresponding author for this work

Research output: Contribution to journal, Conference article, peer-review

2108 Scopus citations

Abstract

We propose a new paradigm for defining security of cryptographic protocols, called universally composable security. The salient property of universally composable definitions of security is that they guarantee security even when a secure protocol is composed with an arbitrary set of protocols, or more generally when the protocol is used as a component of an arbitrary system. This is an essential property for maintaining security of cryptographic protocols in complex and unpredictable environments such as the Internet. In particular, universally composable definitions guarantee security even when an unbounded number of protocol instances are executed concurrently in an adversarially controlled manner, they guarantee non-malleability with respect to arbitrary protocols, and more. We show how to formulate universally composable definitions of security for practically any cryptographic task. Furthermore, we demonstrate that practically any such definition can be realized using known techniques, as long as only a minority of the participants are corrupted. We then proceed to formulate universally composable definitions of a wide array of cryptographic tasks, including authenticated and secure communication, key-exchange, public-key encryption, signature, commitment, oblivious transfer, zero knowledge and more. We also make initial steps towards studying the realizability of the proposed definitions in various settings.

Original language: English
Pages (from-to): 136-145
Number of pages: 10
Journal: Annual Symposium on Foundations of Computer Science - Proceedings
State: Published - 2001
Externally published: Yes
Event: 42nd Annual Symposium on Foundations of Computer Science - Las Vegas, NV, United States
Duration: 14 Oct 2001 to 17 Oct 2001

Keywords

  • Concurrent composition
  • Cryptographic protocols
  • Security analysis of protocols
