On the (Non-)Equivalence of UC Security Notions

Over the years, various security notions have been proposed in order to cope with a wide range of security scenarios. Recently, the study of security notions has been extended towards comparing cryptographic definitions of secure implementation with game-theoretic definitions of universal implementation of a trusted mediator. In this work we go a step further: We define the notion of game universal implementation and we show it is equivalent to weak stand-alone security. Thus, we are able to answer positively the open question from [20,19] regarding the existence of game-theoretic definitions that are equivalent to cryptographic security notions for which the ideal world simulator does not depend on both the distinguisher and the input distribution. Moreover, we investigate the propagation of the weak stand-alone security notion through the existing security hierarchy, from stand-alone to universal composability. Our main achievement in this direction is a separation result between two variants of the UC security definition: 1-bit specialized simulator UC security and specialized simulator UC security. This solves an open question from [25] and comes in contrast with the well known equivalence result between 1-bit UC security and UC security. We also show that weak security under 1-bounded concurrent general composition is equivalent to 1-bit specialized simulator UC security. As a consequence, we obtain that the notion of weak stand-alone security and the notion of stand-alone security are not equivalent.