[PDF] Top 20 Universally Composable Security With Local Adversaries

... tapes: local input tapes, local subroutine output tapes, and communication ...the local input tapes of a particular ITI must include both the identity and the code of the intended target ITI, and the ... See full document

... strong security guarantees (like UC) by allowing parties to use hardware boxes that have certain security ...of security required from such a hardware box is that of tamper-proofness ; ...UC ... See full document

... All outputs from S 3 are distributed identically to the outputs of S 1 , assuming patching the random oracle does not fail. As argued previously, this only happens with negligible probability. Hence, when Z can ... See full document

... In this paper we explore the idea of actively malicious firewalls. We present a novel methodology to analyse architectures of multiple firewalls based on the Universal Composability (UC) framework. The UC framework ... See full document

... Signing module. To capture re-usability of keys within different protocols, we describe a signing module that accepts sign requests from its owner PID. This module can be thought of as a local service process, ... See full document

... The Ring Learning with Errors (RLWE) problem [LPR10] is a variant of the LWE problem [Reg05], which allows to construct more efficient and compact cryptosystems. It is conjectured that this problem is hard, even for ... See full document

... Remark 2 (Unobservability as a golden standard for email privacy). In our UC formalization of e-mail ecosystems, we consider a dynamic scenario where the clients register, go online/offline and make custom fetch ... See full document

... In light of these impossibility results, various trust assumptions have been studied in order to obtain UC-secure constructions. Among these, one of the most studied is that of tamper-proof hardware tokens. Hofheinz et ... See full document

... The UC framework [2] is a kind of formal method for the modular design and analysis of multi-party protocols. UC defines an additional entity called the environment Z. It feeds arbitrary inputs to the parties and the ... See full document

... the universally composable (UC) security model and thus preserves secu- rity when it is executed with multiple protocol instances that run concurrently in an adversarily controlled ... See full document

... Adaptive security is the established way to capture adver- saries breaking into computers during secure ...adaptive security does not prevent remote hacks where adversaries learn and modify a party’s ... See full document

... J v K 1 + J v K 2 + J v K 3 = v, where the share J v K i is kept by the i-th party P i . Messages depending on these shares are sent among the parties, hence it is important to rerandomize J v K before each use. The ... See full document

... Since it is the previous best, we compare our protocol to that of [NNOB12]. Our approach reduces the number of base-OTs by removing the “sacrifice” step of [NNOB12] (where one out of every 2 base-OTs are opened) but ... See full document

... to local com- putations in any real-world scheme, such as the initial creation of the key pair (including [25]) or the generation of a signature string (including ...idealized security guarantee, has often ... See full document

... ++ security model. We modify the m-CKS-heavy security notion from [18] by allowing an adversary A to make multiple (register honest user, ID) queries for the same ... See full document

... The universal composability (UC) framework [7] provides a way of analyzing protocols while en- suring strong security guarantees. In particular, protocols proven secure in this framework remain secure when run ... See full document

... Computational Complexity: The estimation is in terms of modular exponen- tiations executed for each card operation, since these operations tend to dominate the complexity. We present the amount of local ... See full document

... various security models and setup ...the security of protocols when composed with themselves or other protocols in arbitrary concurrent or sequential ...UC security was established, various different ... See full document

... Another set of challenges has to do with the modeling of the “imperfections” that one encounters when using the currently available mechanisms for measuring time. We consider two main methods for measuring time, each ... See full document

... Intuitively, security requires proving both hiding and binding in the presence of static and adaptive ...IND-CPA security of the encryption scheme combined with the fact that the receiver only sees n shares ... See full document