The Common Reference String (CRS) model equips all protocol participants with a common string that is sampled from a pre-specified distribution, say the uniform distribution. This model enables otherwise-impossible cryptographic goals such as removing interaction from protocols and guaranteeing composable security. However, knowing the precise distribution of the reference string seems crucial for all known protocols in this model, in the sense that current security analyses fail when the actual distribution of the reference string is allowed to differ from the specified one even by a small amount. This fact rules out many potential implementations of the CRS model, such as measurements of physical phenomena (like sunspots), or alternatively using random sources that might be adversarially influenced. We study the possibility of obtaining universally composable (UC) security in a relaxed variant of the CRS model, where the reference string is taken from an adversarially specified distribution that is unknown to the protocol. On the positive side, we demonstrate that UC general secure computation is obtainable even when the reference string is taken from an arbitrary, adversarially chosen distribution, as long as (a) this distribution has some minimal min-entropy, (b) it has not too long a description, (c) it is efficiently samplable, and (d) the sampling algorithm is known to the adversary (and simulator). On the negative side, we show that if any one of these four conditions is removed then general UC secure computation becomes essentially impossible.