The universal composability (UC) framework seems to be a powerful framework for proving the security of protocols, which guarantees security even in the presence of concurrent composition. However, I see there are multiple variants of the original UC framework, such as simplified UC (SUC), joint state UC (JUC), and global setup UC (GUC). I was wondering how all these different variants fit together.

For example, assume there is an ideal functionality $\mathcal{F}$, which is defined in the $(\mathcal{F}_1,\mathcal{F}_2, \mathcal{F}_3)$-hybrid model, where $\mathcal{F}_1$ is in the original UC framework, $\mathcal{F}_2$ is an ideal functionality such as a global setup or blockchain that should be available to all the other protocols, so we assume that it is in GUC, and $\mathcal{F}_3$ is something like a key generation functionality that is defined in such a way that it should have multiple instances, so let's assume it is in JUC.

So, now when proving the security of $\mathcal{F}$, how should one prove it? Can one just prove it in normal UC? Or does one need to do the proof in GUC or JUC, since $\mathcal{F}_2$ and $\mathcal{F}_3$ are assumed to be defined in those frameworks, respectively?
1 Answer
0
Do not take my word for it, but as far as I remember: a GUC-secure protocol is secure in the UC framework; the converse is not true since a protocol secure in the UC framework might not allow for a global setup. The JUC framework is mainly aimed toward having, in the end, a proof in the standard UC framework: a protocol secure in the JUC framework can be composed in a certain, restricted way with UC-secure protocols, and lead to a UC-secure protocol. The advantage is that JUC-secure protocols can be built more efficiently, so when this restricted composition suffices, we are fine.
Geoffroy Couteau