A second note on the feasibility of generalized universal composability

Abstract

Yao et al. (A note on the feasibility of generalized universal composability.Theory and Applications of Models of Computationpp. 474–485, 2007; A note on the feasibility of generalised universal composability.Mathematical Structures in Computer Science,19(1), pp. 193–205) claimed a potential limitation on the class of protocols that could be securely implemented in the generalized universal composability (GUC) framework proposed by Canetti et al. (Universally composable security with global setup.Lecture Notes in Computer Science, pp. 61–85, 2007). Specifically, Yao et al. presented a concrete attack on a GUC Zero Knowledge (GUCZK) protocol, a natural adaptation Blum's ZK proof for Directed Hamiltonicity using the general GUC feasibility of Canetti et al. (Universally composable security with global setup.Lecture Notes in Computer Science, pp. 61–85, 2007). Interestingly, the attack was not analysed in the GUC model in Yao et al. (A note on the feasibility of generalised universal composability.Mathematical Structures in Computer Science19(1), pp. 193–205, 2009) but in theFUC model, a new UC-like framework proposed in the same work. Nonetheless, Yao et al. (A note on the feasibility of generalised universal composability.Mathematical Structures in Computer Science19(1), pp. 193–205, 2009) argued that, in light of this attack, GUC would lose its concurrent general composability and proof of knowledge properties. Concretely, they argue that GUC composability would now be with respect to some adversaries with limited access to external arbitrary protocols.In this work, we show that the claimed attack from Yao et al. is indeed harmless and does not contradict the security of the mentioned GUCZK protocol, thus restoring the general feasibility for GUC.