Universal Composability from Essentially Any Trusted Setup

It is impossible to securely carry out general multi-party computation in arbitrary network contexts like the Internet, unless protocols have access to some trusted setup. In this work we classify the power of such trusted (2-party) setup functionalities. We show that nearly every setup is either useless (ideal access to the setup is equivalent to having no setup at all) or else complete (composably secure protocols for all tasks exist in the presence of the setup). We further argue that those setups which are neither complete nor useless are highly unnatural. The main technical contribution in this work is an almost-total characterization of completeness for 2-party setups. Our characterization treats setup functionalities as black-boxes, and therefore is the first work to classify completeness of arbitrary setup functionalities (i.e., randomized, reactive, and having behavior that depends on the global security parameter). ∗An extended abstract of this work appeared in CRYPTO 2012. †Department of Computer Science, University of Montana. [email protected]. Supported by NSF grant CCF1149647.