Universal Composability is Robust Compilation

TL;DR

This paper establishes a formal connection between universal composability (UC) and robust compilation (RC), demonstrating how RC can ensure UC properties in cryptographic protocols through mechanised proofs.

Contribution

It formally proves the link between UC and RC, identifies language conditions for UC-like composition, and mechanises UC proofs using Deepsec.

Findings

UC of protocols can be derived from RC properties

Mechanised proofs in Deepsec confirm UC guarantees

Conditions for programming languages to achieve UC-like composition

Abstract

This paper discusses the relationship between two frameworks: universal composability (UC) and robust compilation (RC). In cryptography, UC is a framework for the specification and analysis of cryptographic protocols with a strong compositionality guarantee: UC protocols remain secure even when composed with other protocols. In programming language security, RC is a novel framework for determining secure compilation by proving whether compiled programs are as secure as their source-level counterparts no matter what target-level code they interact with. Presently, these disciplines are studied in isolation, though we argue that there is a deep connection between them and exploring this connection will benefit both research fields. This paper formally proves the connection between UC and RC and then it explores the benefits of this connection. For this, this paper first identifies which conditions must programming languages fulfil in order to possibly attain UC-like composition. Then, it proves UC of both an existing and a new commitment protocol as a corollary of the related compilers attaining RC. Finally, it mechanises these proofs in Deepsec, obtaining symbolic guarantees that the protocol is indeed UC. Our connection lays the groundwork towards a better and deeper understanding of both UC and RC, and the benefits we showcase from this connection provide first evidence of scalable mechanised proofs for UC.