(Public) verifiability for composable protocols without adaptivity or zero-knowledge

Carsten Baum; Bernardo David; Rafael Dowsley

doi:10.1007/978-3-031-20917-8_17

(Public) verifiability for composable protocols without adaptivity or zero-knowledge

Carsten Baum, Bernardo David, Rafael Dowsley

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

2 Citations (Scopus)

Abstract

The Universal Composability (UC) framework (FOCS ’01) is the current standard for proving security of cryptographic protocols under composition. It allows to reason about complex protocol structures in a bottom-up fashion: any building block that is UC-secure can be composed arbitrarily with any other UC-secure construction while retaining their security guarantees. Unfortunately, some protocol properties such as the verifiability of outputs require excessively strong tools to achieve in UC. In particular, “obviously secure” constructions cannot directly be shown to be UC-secure, and verifiability of building blocks does not easily carry over to verifiability of the composed construction. In this work, we study Non-Interactive (Public) Verifiability of UC protocols, i.e. under which conditions a verifier can ascertain that a party obtained a specific output from the protocol. The verifier may have been part of the protocol execution or not, as in the case of public verifiability. We consider a setting used in a number of applications where it is ok to reveal the input of the party whose output gets verified and analyze under which conditions such verifiability can generically be achieved using “cheap” cryptographic primitives. That is, we avoid having to rely on adaptively secure primitives or heavy computational tools such as NIZKs. As Non-Interactive Public Verifiability is crucial when composing protocols with a public ledger, our approach can be beneficial when designing these with provably composable security and efficiency in mind.

Original language	English
Title of host publication	Provable and Practical Security - 16th International Conference, ProvSec 2022 Nanjing, China, November 11–12, 2022 Proceedings
Editors	Chunpeng Ge, Fuchun Guo
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	249-272
Number of pages	24
ISBN (Electronic)	9783031209178
ISBN (Print)	9783031209161
DOIs	https://doi.org/10.1007/978-3-031-20917-8_17
Publication status	Published - 2022
Event	International Conference on Provable Security 2022 - Nanjing, China Duration: 11 Nov 2022 → 12 Nov 2022 Conference number: 16th https://link.springer.com/book/10.1007/978-3-031-20917-8 (Proceedings) https://provsec2022.github.io/ProvSec2022/ (Website)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	13600
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Conference on Provable Security 2022
Abbreviated title	ProvSec 2022
Country/Territory	China
City	Nanjing
Period	11/11/22 → 12/11/22
Internet address	https://link.springer.com/book/10.1007/978-3-031-20917-8 (Proceedings) https://provsec2022.github.io/ProvSec2022/ (Website)

Access to Document

10.1007/978-3-031-20917-8_17

Cite this

Baum, C., David, B., & Dowsley, R. (2022). (Public) verifiability for composable protocols without adaptivity or zero-knowledge. In C. Ge, & F. Guo (Eds.), Provable and Practical Security - 16th International Conference, ProvSec 2022 Nanjing, China, November 11–12, 2022 Proceedings (pp. 249-272). (Lecture Notes in Computer Science; Vol. 13600). Springer. https://doi.org/10.1007/978-3-031-20917-8_17

Baum, Carsten ; David, Bernardo ; Dowsley, Rafael. / (Public) verifiability for composable protocols without adaptivity or zero-knowledge. Provable and Practical Security - 16th International Conference, ProvSec 2022 Nanjing, China, November 11–12, 2022 Proceedings. editor / Chunpeng Ge ; Fuchun Guo. Cham Switzerland : Springer, 2022. pp. 249-272 (Lecture Notes in Computer Science).

@inproceedings{6b7e2ed92006465a8dbb0e400bd189e8,

title = "(Public) verifiability for composable protocols without adaptivity or zero-knowledge",

abstract = "The Universal Composability (UC) framework (FOCS {\textquoteright}01) is the current standard for proving security of cryptographic protocols under composition. It allows to reason about complex protocol structures in a bottom-up fashion: any building block that is UC-secure can be composed arbitrarily with any other UC-secure construction while retaining their security guarantees. Unfortunately, some protocol properties such as the verifiability of outputs require excessively strong tools to achieve in UC. In particular, “obviously secure” constructions cannot directly be shown to be UC-secure, and verifiability of building blocks does not easily carry over to verifiability of the composed construction. In this work, we study Non-Interactive (Public) Verifiability of UC protocols, i.e. under which conditions a verifier can ascertain that a party obtained a specific output from the protocol. The verifier may have been part of the protocol execution or not, as in the case of public verifiability. We consider a setting used in a number of applications where it is ok to reveal the input of the party whose output gets verified and analyze under which conditions such verifiability can generically be achieved using “cheap” cryptographic primitives. That is, we avoid having to rely on adaptively secure primitives or heavy computational tools such as NIZKs. As Non-Interactive Public Verifiability is crucial when composing protocols with a public ledger, our approach can be beneficial when designing these with provably composable security and efficiency in mind.",

author = "Carsten Baum and Bernardo David and Rafael Dowsley",

note = "Funding Information: Funded by the European Research Council (ERC) under the European Unions{\textquoteright} Horizon 2020 program under grant agreement No 669255 (MPCPRO). Supported by the Concordium Foundation and by the Independent Research Fund Denmark grants number 9040-00399B (TrA2C), number 9131-00075B (PUMA) and number 0165-00079B (Foundations of Privacy Preserving and Accountable Decentralized Protocols). Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; International Conference on Provable Security 2022, ProvSec 2022 ; Conference date: 11-11-2022 Through 12-11-2022",

year = "2022",

doi = "10.1007/978-3-031-20917-8_17",

language = "English",

isbn = "9783031209161",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "249--272",

editor = "Chunpeng Ge and Fuchun Guo",

booktitle = "Provable and Practical Security - 16th International Conference, ProvSec 2022 Nanjing, China, November 11–12, 2022 Proceedings",

url = "https://link.springer.com/book/10.1007/978-3-031-20917-8, https://provsec2022.github.io/ProvSec2022/",

}

Baum, C, David, B & Dowsley, R 2022, (Public) verifiability for composable protocols without adaptivity or zero-knowledge. in C Ge & F Guo (eds), Provable and Practical Security - 16th International Conference, ProvSec 2022 Nanjing, China, November 11–12, 2022 Proceedings. Lecture Notes in Computer Science, vol. 13600, Springer, Cham Switzerland, pp. 249-272, International Conference on Provable Security 2022, Nanjing, China, 11/11/22. https://doi.org/10.1007/978-3-031-20917-8_17

(Public) verifiability for composable protocols without adaptivity or zero-knowledge. / Baum, Carsten; David, Bernardo; Dowsley, Rafael.
Provable and Practical Security - 16th International Conference, ProvSec 2022 Nanjing, China, November 11–12, 2022 Proceedings. ed. / Chunpeng Ge; Fuchun Guo. Cham Switzerland: Springer, 2022. p. 249-272 (Lecture Notes in Computer Science; Vol. 13600).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - (Public) verifiability for composable protocols without adaptivity or zero-knowledge

AU - Baum, Carsten

AU - David, Bernardo

AU - Dowsley, Rafael

N1 - Conference code: 16th

PY - 2022

Y1 - 2022

N2 - The Universal Composability (UC) framework (FOCS ’01) is the current standard for proving security of cryptographic protocols under composition. It allows to reason about complex protocol structures in a bottom-up fashion: any building block that is UC-secure can be composed arbitrarily with any other UC-secure construction while retaining their security guarantees. Unfortunately, some protocol properties such as the verifiability of outputs require excessively strong tools to achieve in UC. In particular, “obviously secure” constructions cannot directly be shown to be UC-secure, and verifiability of building blocks does not easily carry over to verifiability of the composed construction. In this work, we study Non-Interactive (Public) Verifiability of UC protocols, i.e. under which conditions a verifier can ascertain that a party obtained a specific output from the protocol. The verifier may have been part of the protocol execution or not, as in the case of public verifiability. We consider a setting used in a number of applications where it is ok to reveal the input of the party whose output gets verified and analyze under which conditions such verifiability can generically be achieved using “cheap” cryptographic primitives. That is, we avoid having to rely on adaptively secure primitives or heavy computational tools such as NIZKs. As Non-Interactive Public Verifiability is crucial when composing protocols with a public ledger, our approach can be beneficial when designing these with provably composable security and efficiency in mind.

AB - The Universal Composability (UC) framework (FOCS ’01) is the current standard for proving security of cryptographic protocols under composition. It allows to reason about complex protocol structures in a bottom-up fashion: any building block that is UC-secure can be composed arbitrarily with any other UC-secure construction while retaining their security guarantees. Unfortunately, some protocol properties such as the verifiability of outputs require excessively strong tools to achieve in UC. In particular, “obviously secure” constructions cannot directly be shown to be UC-secure, and verifiability of building blocks does not easily carry over to verifiability of the composed construction. In this work, we study Non-Interactive (Public) Verifiability of UC protocols, i.e. under which conditions a verifier can ascertain that a party obtained a specific output from the protocol. The verifier may have been part of the protocol execution or not, as in the case of public verifiability. We consider a setting used in a number of applications where it is ok to reveal the input of the party whose output gets verified and analyze under which conditions such verifiability can generically be achieved using “cheap” cryptographic primitives. That is, we avoid having to rely on adaptively secure primitives or heavy computational tools such as NIZKs. As Non-Interactive Public Verifiability is crucial when composing protocols with a public ledger, our approach can be beneficial when designing these with provably composable security and efficiency in mind.

UR - http://www.scopus.com/inward/record.url?scp=85142713850&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-20917-8_17

DO - 10.1007/978-3-031-20917-8_17

M3 - Conference Paper

AN - SCOPUS:85142713850

SN - 9783031209161

T3 - Lecture Notes in Computer Science

SP - 249

EP - 272

BT - Provable and Practical Security - 16th International Conference, ProvSec 2022 Nanjing, China, November 11–12, 2022 Proceedings

A2 - Ge, Chunpeng

A2 - Guo, Fuchun

PB - Springer

CY - Cham Switzerland

T2 - International Conference on Provable Security 2022

Y2 - 11 November 2022 through 12 November 2022

ER -