Bounded-concurrent secure two-party computation without setup assumptions
- STOC 2003, 2003
General composition and universal composability in secure multiparty computation
- In FOCS '03, 2003
Cited by 37 (10 self)
Abstract:
Concurrent general composition relates to a setting where a secure protocol is run in a network concurrently with other, arbitrary protocols. Clearly, security in such a setting is what is desired, or even needed, in modern computer networks where many different protocols are executed concurrently. Canetti (FOCS 2001) introduced the notion of universal composability, and showed that security under this definition is sufficient for achieving concurrent general composition. However, it is not known whether or not the opposite direction also holds. Our main result is a proof that security under concurrent general composition is equivalent to a relaxed variant of universal composability (where the only difference relates to the order of quantifiers in the definition). An important corollary of this theorem is that existing impossibility results for universal composability (or actually its relaxed variant) are inherent in any definition achieving security under concurrent general composition. In particular, there are large classes of two-party functionalities for which it is impossible to obtain protocols (in the plain model) that remain secure under concurrent general composition. We stress that the impossibility results obtained are not “black-box”, and apply even to non-black-box simulation. Our main result also demonstrates that the definition of universal composability is somewhat “minimal”, in that the composition guarantee provided by universal composability (almost) implies the definition itself. This indicates that the security definition of universal composability is not overly restrictive.
Composition attacks and auxiliary information in data privacy
- CoRR, 2008
Cited by 30 (2 self)
Abstract:
Privacy is an increasingly important aspect of data publishing. Reasoning about privacy, however, is fraught with pitfalls. One of the most significant is the auxiliary information (also called external knowledge, background knowledge, or side information) that an adversary gleans from other channels such as the web, public records, or domain knowledge. This paper explores how one can reason about privacy in the face of rich, realistic sources of auxiliary information. Specifically, we investigate the effectiveness of current anonymization schemes in preserving privacy when multiple organizations independently release anonymized data about overlapping populations. 1. We investigate composition attacks, in which an adversary uses independent anonymized releases to breach privacy. We explain why recently proposed models of limited auxiliary information fail to capture composition attacks. Our experiments demonstrate that even a simple instance of a composition attack can breach privacy in practice, for a large class of currently proposed techniques. The class includes k-anonymity and several recent variants. 2. On a more positive note, certain randomization-based notions of privacy (such as differential privacy) provably resist composition attacks and, in fact, the use of arbitrary side information. This resistance enables “stand-alone” design of anonymization schemes, without the need for explicitly keeping track of other releases. We provide a precise formulation of this property, and prove that an important class of relaxations of differential privacy also satisfy the property. This significantly enlarges the class of protocols known to enable modular design.
Multi-trapdoor Commitments and their Applications to Proofs of Knowledge Secure under Concurrent Man-in-the-middle Attacks
- Advances in Cryptology – proc. of CRYPTO '04, LNCS 3152, 2004
Cited by 11 (1 self)
Abstract:
We introduce the notion of multi-trapdoor commitments, which is a stronger form of trapdoor commitment schemes. We then construct two very efficient instantiations of multi-trapdoor commitment schemes, based on the Strong RSA Assumption and the recently introduced Strong Diffie-Hellman Assumption.
Universally Composable Time-Stamping Schemes with Audit
- In ISC05, LNCS 3650, 2005
Cited by 6 (3 self)
Abstract:
We present a universally composable time-stamping scheme based on universal one-way hash functions.
Concurrent/Resettable Zero-Knowledge with Concurrent Soundness in the Bare Public-Key Model and Its Applications
- 2003
Cited by 3 (0 self)
Abstract:
In this paper, we present both practical and general 4-round concurrent and resettable zero-knowledge arguments with concurrent soundness in the bare public-key (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stands for the current state-of-the-art of concurrent zero-knowledge with setup assumptions.
Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs
- Cryptology ePrint Archive, Report 2007/478, 2007
Cited by 2 (0 self)
Abstract:
Universal composability and concurrent general composition consider a setting where secure protocols are run concurrently with each other and with arbitrary other possibly insecure protocols. Protocols that meet the definition of universal composability are guaranteed to remain secure even when run in this strongly adversarial setting. In the case of an honest majority, or where there is a trusted setup phase of some kind (like a common reference string or the key-registration public-key infrastructure of Barak et al. in FOCS 2004), it has been shown that any functionality can be securely computed in a universally composable way. On the negative side, it has also been shown that in the plain model where there is no trusted setup at all, there are large classes of functionalities which cannot be securely computed in a universally composable way without an honest majority. In this paper we extend these impossibility results for universal composability. We study a number of public-key models and show for which models the impossibility results of universal composability hold and for which they do not. We also consider a setting where the inputs to the protocols running in the network are fixed before any execution begins. The majority of our
Secure market clearing mechanisms: Selected issues
- 2006
Abstract:
Economic mechanisms are designed to achieve an efficient allocation of resources in a demand-driven supply chain network. In order to select the right allocation protocol for a certain situation, it is important to know about the characteristics of different negotiation situations and related market-clearing mechanisms. The sharing of information is important for efficient coordination of operational processes across the supply chain. But the partners of the supply chain are often reluctant to disclose sensitive strategic information, with a perception that such information can either be used by the supply chain partners or be disclosed to their competitors. Privacy is a critical issue for efficient supply chain management. This paper presents two privacy-preserving market-clearing mechanisms integrating the concepts of secure multi-party computation and supply chain management. The first protocol is useful for a discriminatory-pricing-based market-clearing mechanism; different buyers pay different prices to the supplier. The protocol does not use any mediator. The second protocol is useful for a nondiscriminatory-pricing-based market-clearing mechanism; all buyers pay the same unit price to the supplier. Both protocols preserve the privacy of the buyers and the supplier regarding their
Security Analysis of The Louis Protocol for Location Privacy
Abstract:
Many location-based services for alerting persons of nearby friends have been deployed in practice. A drawback of most approaches to providing such services is that friends always learn each other’s location even when they are not actually nearby. The Louis protocol proposed by Zhong, Goldberg and Hengartner aims to ensure that a friend’s location is revealed to another friend if and only if the friends are actually nearby. The protocol lets a third party learn whether the friends are nearby, without the third party learning their location. The third party communicates the answer to the person who invokes the service. A key feature of the protocol is that a person can detect misbehavior by the third party or the person’s friend. This paper reveals a flaw in the way the protocol handles the detection of the misbehaving party, leading to an unauthorized disclosure of a person’s location. Two alternatives for fixing the flaw in the protocol are proposed and a heuristic analysis is given.

