General composition and universal composability in secure multiparty computation (Q1027983)

An important part of theoretical cryptography deals with definitions and models of security. One difficulty in this area is that there is no unique natural model for each purpose, and various models have to be studied and compared. The paper deals mainly with two such models, or definitions, of security, related to secure protocols running concurrently with other protocols: \textit{universal composability} and \textit{concurrent general composition}. Canetti has shown that security under universal composability implies concurrent general composition. While the converse implication remains open, the author proves that natural variants of universal composability and concurrent general composition are equivalent. The ramifications of this technical result are significant. Specifically, it is known that it is impossible to achieve universal composability in the plain model; thus in order to achieve this level of security a trusted setup phase is used. Concurrent general composition models the weakest natural way of defining security when protocols run concurrently with other protocols. The fact that this notion implies a variant of universal composability for which all the impossibility results hold, means that the impossibility results all carry over to the definition of concurrent general composition.