The iUC Framework

Flexible Universal Composability Made Simple

About the iUC Framework

The iUC framework is an expressive and user friendly universal composability model for the formal security analysis of protocols in a modular way. Universal composability is an important tool for taming the complexity of protocols by allowing for analyzing small parts of a protocol in isolation, which then directly implies security of the combined protocol. The iUC framework provides the so far best combination of expressiveness and ease of use in a universal composability model: it offers modeling conventions, including a template for specifying arbitrary protocols, and comes with a clear and simple syntax as well as sensible default values for many optional parts. At the same time, the iUC framework is highly customizable and includes only very minimal technical requirements, which allows for capturing a wide range of protocols and settings in natural and intuitive ways.

Features of the iUC Framework

The iUC framework provides full and seamless support for, besides others, all of the following:

  • All types of protocols considered in the universal composability literature, such as real, ideal, hybrid, joint-state, and global state protocols
  • Many interesting protocol features such as:
    • flexible protocol structures that allow for connecting individual protocol components in arbitrary ways
    • protocols with and without disjoint sessions
    • state that can be shared arbitrarily, even across sessions
    • locally chosen and/or globally managed session identifiers
    • protocols with and without runtime exhaustion
    • arbitrary combinations of all of the above
  • All composition types from the universal composability literature, including composition of protocols with/without disjoint sessions, composition with joint-state, composition with global state.
  • Composition types that have not been considered in the literature so far, such as a new type of joint-state composition for multiple protocols as well as combinations of the above composition types.

All of the above is supported via just a single template and a single main composition theorem, which is in contrast to many other universal composability models and is an important property that makes iUC more user friendly.

History

The iUC framework was created as an instantiation of the IITM model and published at [AsiaCrypt2019]. The IITM model, published at [CSFW06] with a full and revised version to appear in the Journal of Cryptology (see [eprint13] for the technical report), is a general model for universal composability that was developed by our institute. While the IITM model is very expressive, it, however, does not provide any modeling tools and hence requires some effort to model a protocol. These tools and conventions are added by the iUC framework to create the most expressive yet user friendly universal composability model to date. Both the IITM model and its instantiation the iUC framework have already been used successfully to model and analyze a wide range of protocols in a modular way (see literature below).

Literature and Publications

  1. 2020

    1. Ralf Küsters, Max Tuengerthal, and Daniel Rausch, “Joint State Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation,” J. Cryptol., vol. 33, no. 4, pp. 1585--1658, 2020.
    2. Ralf Küsters, Max Tuengerthal, and Daniel Rausch, “The IITM Model: a Simple and Expressive Model for Universal Composability,” J. Cryptol., vol. 33, no. 4, pp. 1461--1584, 2020.
  2. 2019

    1. Jan Camenisch, Stephan Krenn, Ralf Küsters, and Daniel Rausch, “iUC: Flexible Universal Composability Made Simple,” in Advances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8-12, 2019, Proceedings, Part III, 2019, vol. 11923, pp. 191--221.
    2. Jan Camenisch, Stephan Krenn, Ralf Küsters, and Daniel Rausch, “iUC: Flexible Universal Composability Made Simple,” Cryptology ePrint Archive, Technical Report 2019/1037, 2019.
  3. 2018

    1. Ralf Küsters, Max Tuengerthal, and Daniel Rausch, “The IITM Model: a Simple and Expressive Model for Universal Composability,” Cryptology ePrint Archive, Technical Report 2013/025, 2018. Available at http://eprint.iacr.org/2013/025/. This is an updated version of the technical report from 2013. Compared to the previous version, we added a discussion on Canetti’s UC model, version July 2013. We provided more examples of how the IITM model can be used. The actual model did not change at all.
  4. 2017

    1. Ralf Küsters and Daniel Rausch, “A Framework for Universally Composable Diffie-Hellman Key Exchange,” in IEEE 38th Symposium on Security and Privacy (S&P 2017), 2017, pp. 881--900.
    2. Ralf Küsters and Daniel Rausch, “A Framework for Universally Composable Diffie-Hellman Key Exchange,” Cryptology ePrint Archive, Technical Report 2017/256, 2017. Available at http://eprint.iacr.org/2017/256.
  5. 2016

    1. Jan Camenisch, Robert R. Enderlein, Stephan Krenn, Ralf Küsters, and Daniel Rausch, “Universal Composition with Responsive Environments,” in Advances in Cryptology - ASIACRYPT 2016 - 22nd International Conference on the Theory and Application of Cryptology and Information Security, 2016, pp. 807--840.
    2. Jan Camenisch, Robert R. Enderlein, Stephan Krenn, Ralf Küsters, and Daniel Rausch, “Universal Composition with Responsive Environments,” Cryptology ePrint Archive, Report 2016/034, 2016. Available at http://eprint.iacr.org/2016/034.
  6. 2013

    1. Max Tuengerthal, “Analysis of real-world security protocols in a universal composability framework,” University of Trier, Ph.D. Thesis, 2013.
    2. Ralf Küsters and Max Tuengerthal, “The IITM Model: a Simple and Expressive Model for Universal Composability,” Cryptology ePrint Archive, Technical Report 2013/025, 2013.
  7. 2011

    1. Ralf Küsters and Max Tuengerthal, “Composition Theorems Without Pre-Established Session Identifiers,” in Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS 2011), 2011, pp. 41–50.
    2. Ralf Küsters and Max Tuengerthal, “Composition Theorems Without Pre-Established Session Identifiers,” Cryptology ePrint Archive, Technical Report 2011/406, 2011.
    3. Ralf Küsters and Max Tuengerthal, “Ideal Key Derivation and Encryption in Simulation-Based Security,” in Topics in Cryptology - CT-RSA 2011, The Cryptographers’ Track at the RSA Conference 2011, Proceedings, 2011, vol. 6558, pp. 161–179.
  8. 2010

    1. Ralf Küsters and Max Tuengerthal, “Ideal Key Derivation and Encryption in Simulation-based Security,” Cryptology ePrint Archive, Technical Report 2010/295, 2010.
  9. 2009

    1. Ralf Küsters and Max Tuengerthal, “Universally Composable Symmetric Encryption,” in Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF 2009), 2009, pp. 293--307.
    2. Ralf Küsters and Max Tuengerthal, “Universally Composable Symmetric Encryption,” Cryptology ePrint Archive, Technical Report 2009/055, 2009.
  10. 2008

    1. Ralf Küsters and Max Tuengerthal, “Joint State Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation,” in Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), 2008, pp. 270–284.
    2. Ralf Küsters and Max Tuengerthal, “Joint State Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation,” Cryptology ePrint Archive, Technical Report 2008/006, 2008.
  11. 2006

    1. Ralf Küsters, “Simulation-Based Security with Inexhaustible Interactive Turing Machines,” in Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW-19 2006), 2006, pp. 309--320.
    2. Ralf Küsters, “Simulation-Based Security with Inexhaustible Interactive Turing Machines,” Cryptology ePrint Archive, Technical Report 2006/151, 2006.

Acknowledgements

This work has been supported by Deutsche Forschungsgemeinschaft (DFG).

This picture showsRalf Küsters
Prof. Dr.

Ralf Küsters

Head of Institute

This picture showsDaniel Rausch
M.Sc.

Daniel Rausch

Ph.D. Student

To the top of the page