Oded's choices (Nr. 18)

(1) Non-Malleability Amplification

by Huijia Lin and Rafael Pass

(2) A Unified Framework for Concurrent Security: Universal Composability from Stand-alone Non-malleability

by Huijia Lin and Rafael Pass and Muthuramakrishnan Venkitasubramaniam

Oded's comments

The key definition is of a $c$-robust NMC, which is a commitment scheme that remains non-malleabily secure also when run in parallel to a single (execution of) an arbitrary $c$-round protocol, where $c$ is a constant (e.g., $c=4$ will do). (In the papers, $c$-robust protocols are called "natural", because it is quite easy to obtain it from the basic case (of $c=0$).)
The first work present several interesting techniques for the construction on NMC, including a transformation of any $k$-round $c$-robust NMC into a $O(k)$-round NMC that is both $c$-robust and maintains security under concurrent self-composition. This transformation applies also in the case that security holds only wrt $t$-bit long IDs (where standard NMC essentially corresponds to IDs of linear length). Another crucial ingrediant is a transformation of any ($c$-robust) protocol that is secure under self-composition wrt $t$-bit long IDs into a ($c$-robust) protocol that is secure wrt $2^{t-1}$-bit long IDs, where the latter protocol is no longer secure under self-composition but maintains the round complexity of the original protocol. Iterating these two steps for $log^*$ times, we obtain a $log^*$-round NMC that (is $c$-robust and) maintains security under concurrent self-composition. Indeed, this is another incarnation of the amplification approach (i.e., obtaining a remarkable result by starting from a known result and applying a sequence of iterartions such that each iteration improves the construct in a relatively moderate manner).
The second work present a unified framework for constructing environmentally-secure (aka UC-secure) two-party protocols in various models (including various set-up assumptions and weak notions of security such as quasi-PPT simulation). The framework uses a $c$-robust NMC and refers to a rather generic gadget, called a "UC-puzzle", that provides (execution) "soundness" w.r.t environments and (statistical) stand-alone "secrecy" (via simulation). Intuitively, environmental-"secrecy" is obtained via the NMC, which allows for simple instantiations of the UC-puzzle.
Taken together, these works provide a host of techniques for the construction of NMC and a very important application of NMC, which may view as no less than a justification for the large effort invested in the construction of NMC.

The original abstract of (1)

We show a technique for amplifying commitment schemes that are non-malleable with respect to identities of length t, into ones that are non-malleable with respect to identities of length $\Omega(2^t)$, while only incurring a constant overhead in round-complexity. As a result we obtain a construction of $O(1)^{log^* n}$-round (i.e., "essentially" constant-round) non-malleable commitments from any one-way function, and using a black-box proof of security.

The original abstract of (2)

We present a unified framework for obtaining Universally Composable (UC) protocols by relying on stand-alone secure non-malleable commitments. Essentially all results on concurrent secure computation---both in relaxed models (e.g., quasi-polynomial time simulation), or with trusted set-up assumptions (e.g., the CRS model, the imperfect CRS model, or the timing model)---are obtained as special cases of our framework. This not only leads to conceptually simpler solutions, but also to improved set-up assumptions, round-complexity, and computational assumptions. Additionally, this framework allows us to consider new relaxed models of security: we show that UC security where the adversary is a uniform PPT but the simulator is allowed to be a non-uniform PPT (i.e., essentially, traditional UC security, but with a non-uniform reduction) is possible without any trusted set-up. This gives the first results on concurrent secure computation without set-up, which can be used for securely computing ``computationally-sensitive'' functionalities (e.g., data-base queries, ``proof of work''-protocols, or playing bridge on the Internet).

Back to list of Oded's choices.