**Long-term Security and Universal Composability** (TCC 2007)

Jörn Müller-Quade, Dominique Unruh

[ eprint | official ]

Algorithmic progress and future technology threaten today’s cryptographic protocols. Long-term secure protocols should not even in future reveal more information to a–then possibly unlimited–adversary.

In this work we initiate the study of protocols which are long-term secure and universally composable. We show that the usual set-up assumptions used for UC protocols (e.g., a common reference string) are not sufficient to achieve long-term secure and composable protocols for commitments or general zero knowledge arguments. Surprisingly, nontrivial zero knowledge protocols are possible based on a coin tossing functionality: We give a long-term secure composable zero knowledge protocol proving the knowledge of the factorisation of a Blum integer.

Furthermore we give practical alternatives (e.g., signature cards) to the usual setup-assumptions and show that these allow to implement the important primitives commitment and zero-knowledge argument.