Universal Composition with Global Subroutines: Capturing Global Setup within plain UC
Abstract
The Global and Externalized UC frameworks [Canetti-Dodis-Pass-Walfish, TCC 07] extend the plain UC framework to additionally handle protocols that use a “global setup”, namely a mechanism that is also used by entities outside the protocol. These frameworks have broad applicability: Examples include public-key infrastructures, common reference strings, shared synchronization mechanisms, global blockchains, or even abstractions such as the random oracle. However, the need to work in a specialized framework has been a source of confusion, incompatibility, and an impediment to broader use. We show how security in the presence of a global setup can be captured within the plain UC framework, thus significantly simplifying the treatment. This is done as follows: • We extend UC-emulation to the case where both the emulating protocol π and the emulated protocol φ make subroutine calls to protocol γ that is accessible also outside π and φ. As usual, this notion considers only a single instance of φ or π (alongside γ). • We extend the UC theorem to hold even with respect to the new notion of UC emulation. That is, we show that if π UC-emulates φ in the presence of γ, then ρ φ→π UC-emulates ρ for any protocol ρ, even when ρ uses γ directly, and in addition calls many instances of φ, all of which use the same instance of γ. We prove this extension using the existing UC theorem as a black box, thus further simplifying the treatment. We also exemplify how our treatment can be used to streamline, within the plain UC model, proofs of security of systems that involve global set-up, thus providing greater simplicity and flexibility.