Journal of Cryptology, Volume 32, Issue 3, pp 635–689

On Black-Box Complexity of Universally Composable Security in the CRS Model

  • Carmit Hazay
  • Muthuramakrishnan Venkitasubramaniam


In this work, we study the intrinsic complexity of black-box Universally Composable (UC) secure computation based on general assumptions. We present a thorough study under various corruption models, focusing on achieving security in the common reference string (CRS) model. Our results involve the following:
  • Static UC secure computation. Designing the first static UC oblivious transfer protocol based on public-key encryption and stand-alone semi-honest oblivious transfer. As a corollary, we obtain the first black-box constructions of UC secure computation assuming only two-round semi-honest oblivious transfer.

  • One-sided UC secure computation. Designing adaptive UC two-party computation with single corruptions assuming public-key encryption with oblivious ciphertext generation.

  • Adaptive UC secure computation. Designing an adaptively secure UC commitment scheme assuming only public-key encryption with oblivious ciphertext generation. As a corollary, we obtain the first black-box constructions of adaptive UC secure computation assuming only (trapdoor) simulatable public-key encryption (as well as a variety of concrete assumptions).

    We remark that such a result was not known even under non-black-box constructions.


Keywords: UC secure computation, Black-box constructions, Oblivious transfer, UC commitments




Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Carmit Hazay (1)
  • Muthuramakrishnan Venkitasubramaniam (2)

  1. Faculty of Engineering, Bar-Ilan University, Ramat Gan, Israel
  2. University of Rochester, Rochester, USA
