The ABC4Trust web-team congratulates our colleague Jan Camisch from IBM Research - Zurich as well as the co-authors Stephan Krenn and Victor Shoup for being awarded with the Best Paper Award at the 17th annual AsiaCrypt Conference held in Seoul, Korea, on December 4th - 8th, 2011.
The paper provides a method to design efficient cryptographic proof protocols that can be proven secure in a very strong security model. This assures that a protocols security is retained no matter in what environment a protocol is used. An example of such protocols are the privacy-enhancing technologies designed and applied in the ABC4Trust project.
The contribution with the title "A Framework for Practical Universally Composable Zero-Knowledge Protocols" has been published in the Springer LNCS series.
Zero-knowledge proofs of knowledge (ZK-PoK) for discrete logarithms and related problems are indispensable for practical cryptographic protocols. Recently, Camenisch, Kiayias, and Yung provided a specification language (the CKY-language) for such protocols which allows for a modular design and protocol analysis: for every zero-knowledge proof specified in this language, protocol designers are ensured that there exists an efficient protocol which indeed proves the specified statement.
However, the protocols resulting from their compilation techniques only satisfy the classical notion of ZK-PoK, which is not retained are when they used as building blocks for higher-level applications or composed with other protocols. This problem can be tackled by moving to the Universal Composability (UC) framework, which guarantees retention of security when composing protocols in arbitrary ways. While there exist generic transformations from Σ-protocols to UC-secure protocols, these transformation are often too inefficient for practice.
In this paper we introduce a specification language akin to the CKY-language and a compiler such that the resulting protocols are UC-secure and efficient. To this end, we propose an extension of the UC-framework addressing the issue that UC-secure zero-knowledge proofs are by definition proofs of knowledge, and state a special composition theorem which allows one to use the weaker – but more efficient and often sufficient – notion of proofs of membership in the UC-framework. We believe that our contributions enable the design of practically efficient protocols that are UC-secure and thus themselves can be used as building blocks.
To download the full paper see Springerlink