I was learning about composable security frameworks, and I was wondering about the following when I was learning about Constructive Cryptography here (https://youtu.be/l7vyzRtLQCM?feature=shared&t=1143):
Here, we are in the Alice-Bob-Eve setting. Alice wants to send a message to Bob, and Eve is adversarial. Moreover, let:
- AUT - Authenticated channel between Alice and Bob, where Eve can learn everything that is sent, but cannot modify the message.
- KEY - Generates a key which is shared with Alice and Bob. Eve learns nothing.
- SECURE - A secure channel between Alice and Bob, where Eve learns when a message is sent and the length of the message sent.
We have the following constructions -
- AUT || KEY ---> SECURE // Using OTP encryption and decryption, for example
- AUT ---> KEY // Using DH key exchange, for example
Therefore, we have the following construction: AUT || AUT ---> SECURE
In other words, if we have two authenticated channels, we can construct a secure channel.
On the other hand, in practice, there is one internet, where Alice, Bob, and Eve are attached... Can we formally say that we can construct infinitely many authenticated channels using an authenticated internet? Something like:
- Internet ---> AUT || Internet // We can get an Authenticated channel 'for free'
A related question is this - suppose we have an MPC system A, and another MPC system B. Is the parallel composition of A and B supposed to have 2 private networks? In practice though, we have one internet. What is the soundness argument in this case?
Moreover, I think that there might be situations where the underlying resource has nontrivial state. I was wondering how one might model the situation in this case, in both UC and CC?
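The two constructions named in the question, and their composition AUT || AUT ---> SECURE, written out as a small simulation. This is an added example, not code from the question or from the lecture: the resources (`Aut`, `Secure`), the toy DH group `P`, `G`, and the assumption that an AUT resource carries messages in both directions are all mine. The real world runs DH over the first AUT and a one-time pad over the second; the ideal world is SECURE plus a simulator that rebuilds Eve's view from the leaked length alone, so the two views can be compared shape for shape.

```python
import secrets
from dataclasses import dataclass, field

# Toy DH group (constructed for illustration; far too small for real use).
P = 2**127 - 1          # Mersenne prime M127
G = 3

@dataclass
class Aut:
    """AUT: the receiver gets exactly what was sent; Eve reads but cannot alter it."""
    eve_view: list = field(default_factory=list)
    def send(self, sender, msg):
        self.eve_view.append((sender, msg))   # Eve learns the whole message
        return msg                            # delivered unmodified

@dataclass
class Secure:
    """SECURE: Eve learns only that a message was sent and its length."""
    eve_view: list = field(default_factory=list)
    def send(self, msg):
        self.eve_view.append(("Alice", len(msg)))
        return msg

def dh_key(aut):
    """AUT ---> KEY: exchange group elements over the authenticated channel."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    ga = aut.send("Alice", pow(G, a, P))   # Bob receives g^a unmodified
    gb = aut.send("Bob", pow(G, b, P))     # Alice receives g^b unmodified
    k_alice, k_bob = pow(gb, a, P), pow(ga, b, P)
    assert k_alice == k_bob
    return k_alice.to_bytes(16, "big")     # 16-byte shared key (toy size)

def otp_send(aut, key, msg):
    """AUT || KEY ---> SECURE: one-time pad over the authenticated channel."""
    assert len(msg) <= len(key)            # OTP: key must cover the message
    ct = bytes(m ^ k for m, k in zip(msg, key))
    received = aut.send("Alice", ct)
    return bytes(c ^ k for c, k in zip(received, key))   # Bob decrypts

def real_world(msg):
    """AUT || AUT ---> SECURE: DH on the first AUT, OTP ciphertext on the second."""
    aut1, aut2 = Aut(), Aut()
    out = otp_send(aut2, dh_key(aut1), msg)
    return out, aut1.eve_view + aut2.eve_view

def simulated_world(msg):
    """Ideal SECURE plus a simulator that fabricates Eve's view from the length."""
    sec = Secure()
    out = sec.send(msg)
    (_, n), = sec.eve_view
    fake = [("Alice", pow(G, secrets.randbelow(P), P)),
            ("Bob", pow(G, secrets.randbelow(P), P)),
            ("Alice", secrets.token_bytes(n))]
    return out, fake

def view_shape(view):
    """What Eve's transcript looks like structurally: sender, type, byte length."""
    return [(s, type(v).__name__, len(v) if isinstance(v, bytes) else None) for s, v in view]
```

Bob's output is the same in both worlds, and Eve's real transcript has exactly the shape the simulator produces from the length leak, which is the correspondence the composition theorem is about.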