Results 1 
3 of
3
Impossibility Results for Universal Composability in PublicKey Models and with Fixed Inputs
, 2010
"... Universal composability and concurrent general composition consider a setting where secure protocols are run concurrently with each other and with arbitrary other possibly insecure protocols. Protocols that meet the definition of universal composability are guaranteed to remain secure even when run ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
(Show Context)
Universal composability and concurrent general composition consider a setting where secure protocols are run concurrently with each other and with arbitrary other possibly insecure protocols. Protocols that meet the definition of universal composability are guaranteed to remain secure even when run in this strongly adversarial setting. In the case of an honest majority, or where there is a trusted setup phase of some kind (like a common reference string or the keyregistration publickey infrastructure of Barak et al. in FOCS 2004), it has been shown that any functionality can be securely computed in a universally composable way. On the negative side, it has also been shown that in the plain model where there is no trusted setup at all, there are large classes of functionalities which cannot be securely computed in a universally composable way without an honest majority. In this paper we extend these impossibility results for universal composability. We study a number of publickey models and show for which models the impossibility results of universal composability hold and for which they do not. We also consider a setting where the inputs to the protocols running in the network are fixed before any execution begins. The majority of our
Concurrent/Resettable ZeroKnowledge with Concurrent Soundness in the Bare PublicKey Model and Its Applications
, 2003
"... In this paper, we present both practical and general 4round concurrent and resettable zeroknowledge arguments with concurrent soundness in the bare publickey (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stan ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
In this paper, we present both practical and general 4round concurrent and resettable zeroknowledge arguments with concurrent soundness in the bare publickey (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stands for the current stateoftheart of concurrent zeroknowledge with setup assumptions.
Concurrent Knowledge Extraction in the PublicKey Model
, 2009
"... Knowledge extraction is a fundamental notion, modelling machine possession of values (witnesses) in a computational complexity sense. The notion provides an essential tool for cryptographic protocol design and analysis, enabling one to argue about the internal state of protocol players without ever ..."
Abstract
 Add to MetaCart
(Show Context)
Knowledge extraction is a fundamental notion, modelling machine possession of values (witnesses) in a computational complexity sense. The notion provides an essential tool for cryptographic protocol design and analysis, enabling one to argue about the internal state of protocol players without ever looking at this supposedly secret state. However, when transactions are concurrent (e.g., over the Internet) with players possessing publickeys (as is common in cryptography), assuring that entities “know” what they claim to know, where adversaries may be well coordinated across different transactions, turns out to be much more subtle and in need of reexamination. Here, we investigate how to formally treat knowledge possession by parties (with registered publickeys) interacting over the Internet. Stated more technically, we look into the relative power of the notion of “concurrent knowledgeextraction” (CKE) in the concurrent zeroknowledge (CZK) bare publickey (BPK) model. We show the potential vulnerability of maninthemiddle (MIM) attacks turn out to be a real security threat to existing natural protocols running concurrently in the publickey model, which motivates us to introduce and formalize the notion of CKE. Then, both generic (based on standard polynomial assumptions) and efficient (employing complexity leveraging in a novel way) implementations for N P are presented for constantround (in particular, roundoptimal) concurrently knowledgeextractable concurrent zeroknowledge (CZKCKE) arguments in the BPK model. The efficient implementation can be further high practically instantiated for specific numbertheoretic language. Along the way, we discuss and clarify the various subtleties surrounding the security formulation and analysis, which provides insights into the complex CZKCKE setting.