TY - GEN
T1 - A zero-one law for cryptographic complexity with respect to computational UC security
AU - Maji, Hemanta K.
AU - Prabhakaran, Manoj
AU - Rosulek, Mike
N1 - Funding Information: Work supported by NSF grants CNS 07-16626 and CNS 07-47027.
PY - 2010
Y1 - 2010
N2 - It is well-known that most cryptographic tasks do not have universally composable (UC) secure protocols, if no trusted setup is available in the framework. On the other hand, if a task like fair coin-tossing is available as a trusted setup, then all cryptographic tasks have UC-secure protocols. What other trusted setups allow UC-secure protocols for all tasks? More generally, given a particular setup, what tasks have UC-secure protocols? We show that, surprisingly, every trusted setup is either useless (equivalent to having no trusted setup) or all-powerful (allows UC-secure protocols for all tasks). There are no "intermediate" trusted setups in the UC framework. We prove this zero-one law under a natural intractability assumption, and consider the class of deterministic, finite, 2-party functionalities as candidate trusted setups. One important technical contribution in this work is to initiate the comprehensive study of the cryptographic properties of reactive functionalities. We model these functionalities as finite automata and develop an automata-theoretic methodology for classifying and studying their cryptographic properties. Consequently, we completely characterize the reactive behaviors that lead to cryptographic non-triviality. Another contribution of independent interest is to optimize the hardness assumption used by Canetti et al. (STOC 2002) in showing that the common random string functionality is complete (a result independently obtained by Damgård et al. (TCC 2010)).
UR - http://www.scopus.com/inward/record.url?scp=77956989091&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77956989091&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-14623-7_32
DO - 10.1007/978-3-642-14623-7_32
M3 - Conference contribution
AN - SCOPUS:77956989091
SN - 3642146228
SN - 9783642146220
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 595
EP - 612
BT - Advances in Cryptology - CRYPTO 2010 - 30th Annual Cryptology Conference, Proceedings
T2 - 30th Annual International Cryptology Conference, CRYPTO 2010
Y2 - 15 August 2010 through 19 August 2010
ER -