Overcoming Impossibility Results in Composable Security Using Interval-Wise Guarantees


Ontology type: schema:Chapter     


Chapter Info

DATE

2020-08-10

AUTHORS

Daniel Jost , Ueli Maurer

ABSTRACT

Composable security definitions, at times called simulation-based definitions, provide strong security guarantees that hold in any context. However, they are also met with some skepticism due to many impossibility results; goals such as commitments and zero-knowledge that are achievable in a stand-alone sense were shown to be unachievable composably (without a setup) since provably no efficient simulator exists. In particular, in the context of adaptive security, the so-called “simulator commitment problem” arises: once a party gets corrupted, an efficient simulator is unable to be consistent with its pre-corruption outputs. A natural question is whether such impossibility results are unavoidable or only artifacts of frameworks being too restrictive. In this work, we propose a novel type of composable security statement that evades the commitment problem. Our new type is able to express the composable guarantees of schemes that previously did not have a clear composable understanding. To this end, we leverage the concept of system specifications in the Constructive Cryptography framework, capturing the conjunction of several interval-wise guarantees, each specifying the guarantees between two events. We develop the required theory and present the corresponding new composition theorem. We present three applications of our theory. First, we show in the context of symmetric encryption with adaptive corruption how our notion naturally captures the expected confidentiality guarantee—the messages remain confidential until either party gets corrupted—and that it can be achieved by any standard semantically secure scheme (negating the need for non-committing encryption). Second, we present a composable formalization of (so far only known to be standalone secure) commitment protocols, which is instantiable without a trusted setup like a CRS. We show it to be sufficient for being used in coin tossing over the telephone, one of the early intuitive applications of commitments. Third, we reexamine a result by Hofheinz, Matt, and Maurer [Asiacrypt’15] implying that IND-ID-CPA security is not the right notion for identity-based encryption, unmasking this claim as an unnecessary framework artifact.

PAGES

33-62

Book

TITLE

Advances in Cryptology – CRYPTO 2020

ISBN

978-3-030-56783-5
978-3-030-56784-2

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-56784-2_2

DOI

http://dx.doi.org/10.1007/978-3-030-56784-2_2

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1130046296



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Jost", 
        "givenName": "Daniel", 
        "id": "sg:person.013356446515.02", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013356446515.02"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Maurer", 
        "givenName": "Ueli", 
        "id": "sg:person.01316567627.91", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01316567627.91"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2020-08-10", 
    "datePublishedReg": "2020-08-10", 
    "description": "Composable security definitions, at times called simulation-based definitions, provide strong security guarantees that hold in any context. However, they are also met with some skepticism due to many impossibility results; goals such as commitments and zero-knowledge that are achievable in a stand-alone sense were shown to be unachievable composably (without a setup) since provably no efficient simulator exists. In particular, in the context of adaptive security, the so-called \u201csimulator commitment problem\u201d arises: once a party gets corrupted, an efficient simulator is unable to be consistent with its pre-corruption outputs. A natural question is whether such impossibility results are unavoidable or only artifacts of frameworks being too restrictive.In this work, we propose a novel type of composable security statement that evades the commitment problem. Our new type is able to express the composable guarantees of schemes that previously did not have a clear composable understanding. To this end, we leverage the concept of system specifications in the Constructive Cryptography framework, capturing the conjunction of several interval-wise guarantees, each specifying the guarantees between two events. We develop the required theory and present the corresponding new composition theorem.We present three applications of our theory. First, we show in the context of symmetric encryption with adaptive corruption how our notion naturally captures the expected confidentiality guarantee\u2014the messages remain confidential until either party gets corrupted\u2014and that it can be achieved by any standard semantically secure scheme (negating the need for non-committing encryption). Second, we present a composable formalization of (so far only known to be standalone secure) commitment protocols, which is instantiable without a trusted setup like a CRS. We show it to be sufficient for being used in coin tossing over the telephone, one of the early intuitive applications of commitments. Third, we reexamine a result by Hofheinz, Matt, and Maurer [Asiacrypt\u201915] implying that IND-ID-CPA security is not the right notion for identity-based encryption, unmasking this claim as an unnecessary framework artifact.", 
    "editor": [
      {
        "familyName": "Micciancio", 
        "givenName": "Daniele", 
        "type": "Person"
      }, 
      {
        "familyName": "Ristenpart", 
        "givenName": "Thomas", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-56784-2_2", 
    "inLanguage": "en", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-030-56783-5", 
        "978-3-030-56784-2"
      ], 
      "name": "Advances in Cryptology \u2013 CRYPTO 2020", 
      "type": "Book"
    }, 
    "keywords": [
      "efficient simulator", 
      "constructive cryptography framework", 
      "strong security guarantees", 
      "identity-based encryption", 
      "simulation-based definition", 
      "composable security definition", 
      "such impossibility results", 
      "impossibility results", 
      "symmetric encryption", 
      "secure scheme", 
      "CPA security", 
      "security definitions", 
      "security guarantees", 
      "adaptive security", 
      "zero-knowledge", 
      "IND-ID", 
      "adaptive corruptions", 
      "composable security", 
      "system specification", 
      "security statements", 
      "intuitive application", 
      "commitment protocol", 
      "composition theorem", 
      "encryption", 
      "guarantees", 
      "security", 
      "commitment problem", 
      "simulator", 
      "required theory", 
      "natural question", 
      "scheme", 
      "framework", 
      "confidentiality", 
      "right notion", 
      "artifacts", 
      "Hofheinz", 
      "formalization", 
      "applications", 
      "new composition theorem", 
      "messages", 
      "specification", 
      "context", 
      "parties", 
      "new type", 
      "protocol", 
      "definition", 
      "Maurer", 
      "only artifacts", 
      "notion", 
      "goal", 
      "concept", 
      "setup", 
      "output", 
      "results", 
      "work", 
      "coins", 
      "time", 
      "corruption", 
      "end", 
      "types", 
      "telephone", 
      "theory", 
      "sense", 
      "novel type", 
      "impossibility", 
      "statements", 
      "conjunction", 
      "questions", 
      "theorem", 
      "Matt", 
      "events", 
      "understanding", 
      "commitment", 
      "claims", 
      "CRS", 
      "skepticism", 
      "problem"
    ], 
    "name": "Overcoming Impossibility Results in Composable Security Using Interval-Wise Guarantees", 
    "pagination": "33-62", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1130046296"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-56784-2_2"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-56784-2_2", 
      "https://app.dimensions.ai/details/publication/pub.1130046296"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-20T07:41", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_0.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-56784-2_2"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-56784-2_2'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-56784-2_2'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-56784-2_2'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-56784-2_2'


 

This table displays all metadata directly associated to this object as RDF triples.

149 TRIPLES      23 PREDICATES      102 URIs      95 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-030-56784-2_2 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author N9d8204a386b64bf0aa2193fcd98f6408
4 schema:datePublished 2020-08-10
5 schema:datePublishedReg 2020-08-10
6 schema:description Composable security definitions, at times called simulation-based definitions, provide strong security guarantees that hold in any context. However, they are also met with some skepticism due to many impossibility results; goals such as commitments and zero-knowledge that are achievable in a stand-alone sense were shown to be unachievable composably (without a setup) since provably no efficient simulator exists. In particular, in the context of adaptive security, the so-called “simulator commitment problem” arises: once a party gets corrupted, an efficient simulator is unable to be consistent with its pre-corruption outputs. A natural question is whether such impossibility results are unavoidable or only artifacts of frameworks being too restrictive. In this work, we propose a novel type of composable security statement that evades the commitment problem. Our new type is able to express the composable guarantees of schemes that previously did not have a clear composable understanding. To this end, we leverage the concept of system specifications in the Constructive Cryptography framework, capturing the conjunction of several interval-wise guarantees, each specifying the guarantees between two events. We develop the required theory and present the corresponding new composition theorem. We present three applications of our theory. First, we show in the context of symmetric encryption with adaptive corruption how our notion naturally captures the expected confidentiality guarantee—the messages remain confidential until either party gets corrupted—and that it can be achieved by any standard semantically secure scheme (negating the need for non-committing encryption). Second, we present a composable formalization of (so far only known to be standalone secure) commitment protocols, which is instantiable without a trusted setup like a CRS. We show it to be sufficient for being used in coin tossing over the telephone, one of the early intuitive applications of commitments. Third, we reexamine a result by Hofheinz, Matt, and Maurer [Asiacrypt’15] implying that IND-ID-CPA security is not the right notion for identity-based encryption, unmasking this claim as an unnecessary framework artifact.
7 schema:editor N0c37833747d1448c955bdb8015081a6a
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree false
11 schema:isPartOf Nca7fc6f54c054bc1a9f21a04d9e86318
12 schema:keywords CPA security
13 CRS
14 Hofheinz
15 IND-ID
16 Matt
17 Maurer
18 adaptive corruptions
19 adaptive security
20 applications
21 artifacts
22 claims
23 coins
24 commitment
25 commitment problem
26 commitment protocol
27 composable security
28 composable security definition
29 composition theorem
30 concept
31 confidentiality
32 conjunction
33 constructive cryptography framework
34 context
35 corruption
36 definition
37 efficient simulator
38 encryption
39 end
40 events
41 formalization
42 framework
43 goal
44 guarantees
45 identity-based encryption
46 impossibility
47 impossibility results
48 intuitive application
49 messages
50 natural question
51 new composition theorem
52 new type
53 notion
54 novel type
55 only artifacts
56 output
57 parties
58 problem
59 protocol
60 questions
61 required theory
62 results
63 right notion
64 scheme
65 secure scheme
66 security
67 security definitions
68 security guarantees
69 security statements
70 sense
71 setup
72 simulation-based definition
73 simulator
74 skepticism
75 specification
76 statements
77 strong security guarantees
78 such impossibility results
79 symmetric encryption
80 system specification
81 telephone
82 theorem
83 theory
84 time
85 types
86 understanding
87 work
88 zero-knowledge
89 schema:name Overcoming Impossibility Results in Composable Security Using Interval-Wise Guarantees
90 schema:pagination 33-62
91 schema:productId N5afa73f7a54242fe8ce9d22dec5c3554
92 N894bbbdb456445fe8f955ed5d0689e26
93 schema:publisher N224f2b6c42d8424cbe1cd1b30fd9dc3e
94 schema:sameAs https://app.dimensions.ai/details/publication/pub.1130046296
95 https://doi.org/10.1007/978-3-030-56784-2_2
96 schema:sdDatePublished 2022-05-20T07:41
97 schema:sdLicense https://scigraph.springernature.com/explorer/license/
98 schema:sdPublisher Nc755b7ae470d4913a71ea396673b8cd5
99 schema:url https://doi.org/10.1007/978-3-030-56784-2_2
100 sgo:license sg:explorer/license/
101 sgo:sdDataset chapters
102 rdf:type schema:Chapter
103 N0c37833747d1448c955bdb8015081a6a rdf:first N8207559767c94faf98400a7478d1ff86
104 rdf:rest N497ea828ffab421cbe53b197bb08e2e7
105 N224f2b6c42d8424cbe1cd1b30fd9dc3e schema:name Springer Nature
106 rdf:type schema:Organisation
107 N497ea828ffab421cbe53b197bb08e2e7 rdf:first Nf66ac97a0da34861b061cda87e4f1cf0
108 rdf:rest rdf:nil
109 N5afa73f7a54242fe8ce9d22dec5c3554 schema:name doi
110 schema:value 10.1007/978-3-030-56784-2_2
111 rdf:type schema:PropertyValue
112 N8207559767c94faf98400a7478d1ff86 schema:familyName Micciancio
113 schema:givenName Daniele
114 rdf:type schema:Person
115 N894bbbdb456445fe8f955ed5d0689e26 schema:name dimensions_id
116 schema:value pub.1130046296
117 rdf:type schema:PropertyValue
118 N8cac17ed19dc471fbe74c8dfba720a8e rdf:first sg:person.01316567627.91
119 rdf:rest rdf:nil
120 N9d8204a386b64bf0aa2193fcd98f6408 rdf:first sg:person.013356446515.02
121 rdf:rest N8cac17ed19dc471fbe74c8dfba720a8e
122 Nc755b7ae470d4913a71ea396673b8cd5 schema:name Springer Nature - SN SciGraph project
123 rdf:type schema:Organization
124 Nca7fc6f54c054bc1a9f21a04d9e86318 schema:isbn 978-3-030-56783-5
125 978-3-030-56784-2
126 schema:name Advances in Cryptology – CRYPTO 2020
127 rdf:type schema:Book
128 Nf66ac97a0da34861b061cda87e4f1cf0 schema:familyName Ristenpart
129 schema:givenName Thomas
130 rdf:type schema:Person
131 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
132 schema:name Information and Computing Sciences
133 rdf:type schema:DefinedTerm
134 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
135 schema:name Data Format
136 rdf:type schema:DefinedTerm
137 sg:person.01316567627.91 schema:affiliation grid-institutes:grid.5801.c
138 schema:familyName Maurer
139 schema:givenName Ueli
140 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01316567627.91
141 rdf:type schema:Person
142 sg:person.013356446515.02 schema:affiliation grid-institutes:grid.5801.c
143 schema:familyName Jost
144 schema:givenName Daniel
145 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013356446515.02
146 rdf:type schema:Person
147 grid-institutes:grid.5801.c schema:alternateName Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland
148 schema:name Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland
149 rdf:type schema:Organization