An equational approach to secure multi-party computation

Micciancio, Daniele; Tessaro, Stefano

doi:10.1145/2422436.2422478

Cited by 15 publications

(18 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This subsection further discuss the model of computation and compare it with other general models in the literature that are aimed at capturing distributed computation with concurrently running processes-some of which explicitly aim at modeling security of protocols. A very incomplete list of such models includes the CSP model of Hoare [74], the CCS model and π -calculus of Milner [99,100] (that is based on the λ-calculus as its basic model of computation), the spi-calculus of Abadi and Gordon [1] (that is based on the π -calculus), the framework of Lincoln et al [87] (that uses the functional representation of probabilistic polynomial time from [101]), the I/O automata of Merritt and Lynch [91], the probabilistic I/O automata of Lynch, Segala, and Vaandrager [92,115], the Abstract Cryptography model of Maurer and Renner [94], and the equational approach of Micciancio and Tessaro [97]. (Other approaches are mentioned in the Appendix.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Universally Composable Security

Canetti

2020

J. ACM

View full text Add to dashboard Cite

This work presents a general framework for describing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general composition operation, called universal composition. The proposed framework with its security-preserving composition operation allows for modular design and analysis of complex cryptographic protocols from simpler building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol sessions that run concurrently in an adversarially controlled manner. This is a useful guarantee, which allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks. CCS Concepts: • Theory of computation → Computational complexity and cryptography; Cryptographic protocols; Concurrency; Distributed computing models; Process calculi; • Security and privacy → Formal methods and theory of security;

show abstract

Section: Discussionmentioning

confidence: 99%

“…Micciancio and Tessaro [97] provide an alternative, simplified formalism for composable simulation-based security of protocol. The formalism, which is a generalization of Kahn networks [80], allows for equational (rather than temporal) representation and analysis of protocols and their security.…”

Section: Appendix a Related Workmentioning

confidence: 99%

Universally Composable Security

Canetti

2020

J. ACM

View full text Add to dashboard Cite

show abstract

“…We have already mentioned that cryptographers have developed a plethora of frameworks for composable security, such as universally composable cryptography [16], reactive simulatability [3,4,68] and others [44,49,52,61]. Moreover, some of these frameworks have been adapted to the quantum setting [7, 64,79].…”

Section: Related Workmentioning

confidence: 99%

“…Our work can be seen as a particular formalization of the ideas behind constructive cryptography, or alternatively as giving a categorical account of the real-world-ideal-world paradigm (also known as the simulation paradigm [39]), which underlies more concrete frameworks for composable security, such as universally composable cryptography [16] and others [3,4,44,49,52,61,68]. We will discuss these approaches and abstract and constructive cryptography in more detail in Section 1.1…”

Section: Introductionmentioning

confidence: 99%

Categorical composable cryptography

Broadbent,

Karvonen

2021

Preprint

View full text Add to dashboard Cite

We formalize the simulation paradigm of cryptography in terms of category theory and show that protocols secure against abstract attacks form a symmetric monoidal category, thus giving an abstract model of composable security definitions in cryptography. Our model is able to incorporate computational security, set-up assumptions and various attack models such as colluding or independently acting subsets of adversaries in a modular, flexible fashion. We conclude by using string diagrams to rederive no-go results concerning the limits of bipartite and tripartite cryptography, ruling out e.g. composable commitments and broadcasting. On the way, we exhibit two categorical constructions of resource theories that might be of independent interest: one capturing resources shared among n parties and one capturing resource conversions that succeed asymptotically.

show abstract

“…Rather, our aim is to capture concurrency for more restricted tasks, and thus obtain a simpler definition. Due to its simplicity, our work can also act as a bridge for connecting the full UC framework with alternative formalisms like [25]. A similar attempt at providing a simplified framework appeared in [27,Ch.…”

Section: Related Workmentioning

confidence: 99%

A Simpler Variant of Universally Composable Security for Standard Multiparty Computation

Canetti

Cohen

Lindell

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we present a simpler and more restricted variant of the universally composable security (UC) framework that is suitable for "standard" two-party and multiparty computation tasks. Many of the complications of the UC framework exist in order to enable more general tasks than classic secure computation. This generality may be a barrier to entry for those who are used to the stand-alone model of secure computation and wish to work with universally composable security but are overwhelmed by the differences. The variant presented here (called simplified universally composable security, or just SUC) is closer to the definition of security for multiparty computation in the stand-alone setting. The main difference is that a protocol in the SUC framework runs with a fixed set of parties who know each other's identities ahead of time, and machines cannot be added dynamically to the execution. As a result, the definitions of polynomial time and protocol composition are much simpler. In addition, the SUC framework has authenticated channels built in, as is standard in previous definitions of security, and all communication is done via the adversary in order to enable arbitrary scheduling of messages. Due to these differences, not all cryptographic tasks can be expressed in the SUC framework. Nevertheless, standard secure computation tasks (like secure function evaluation) can be expressed. Importantly, we show a natural security-preserving transformation from protocols in the SUC model to protocols in the full-fledged UC model. Consequently, the UC composition theorem holds in the SUC model, and any protocol that is proven secure under SUC can be transformed to a protocol that is secure in the UC model.

show abstract

An equational approach to secure multi-party computation

Cited by 15 publications

References 23 publications

Universally Composable Security

Universally Composable Security

Categorical composable cryptography

A Simpler Variant of Universally Composable Security for Standard Multiparty Computation

Contact Info

Product

Resources

About