Score:1

Are there any ways to tell if a cryptographic protocol is UC-secure before formally proven its UC-security?

ie flag

I do not quite understand the UC framework. Given a protocol to be proven, now I just know firstly we should write down the ideal functionality, and then the concrete protocol, then proving the protocol security realizes the ideal functionality by constructing several simulators. May I ask if it is true that we can tell if a protocol is UC-secure just from its ideal functionality?

Besides, in page 76 of Canetti's tutorial for UC framework: https://www.cs.tau.ac.il/~canetti/materials/sp09-sem-lec9.pdf, he gives an attack on the insecure composited protocol. My question is how to modify this composited protocol into a UC-secure one?

Score:4
bd flag

May I ask if it is true that we can tell if a protocol is UC-secure just from its ideal functionality?

I think the question is posed in the wrong direction. The principle behind UC security is that the ideal functionality is by definition the functionality that is desired. The functionality itself is neither secure nor insecure, it just is a model of the desired task.

A protocol, on the other hand, is considered secure, iff you can give a simulator that fakes a protocol run (transcript) that looks indistinguishable from the transcript of a real protocol run. The difficulty of the simulator is to come up with protocol messages that are consistent with the information provided from and given to the ideal functionality.

My question is how to modify this composited protocol into a UC-secure one?

Well, in general you would have to identify which information leaks from the protocol which does not leak from the ideal functionality that you try to realize. Unfortunately, I did not find a definition of the key exchange functionality that this protocol tries to realize in your reference. Therefore, you have to specify what exactly you are trying to model with the protocol in the first place.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.