Computationally Bounded Robust Compilation and Universally Composable Security

Robert Künnemann, Marco Patrignani, Ethan Cecchetti
2024-01-27
Abstract: Universal Composability (UC) is the gold standard for cryptographic security, but mechanizing proofs of UC is notoriously difficult. A recently-discovered connection between UC and Robust Compilation (RC), a novel theory of secure compilation, provides a means to verify UC proofs using tools that mechanize equality results. Unfortunately, the existing methods apply only to perfect UC security, and real-world protocols relying on cryptography are only computationally secure.
Cryptography and Security, Programming Languages
What problem does this paper attempt to address?
The paper extends the connection between Universal Composability (UC) security and Robust Compilation (RC) from perfect security to computational security. The existing methods apply only to ideal, perfectly secure protocols, whereas real-world cryptographic protocols rely on computational hardness assumptions and are therefore only computationally secure. By introducing computational indistinguishability and polynomial-time bounds, the authors extend both the UC and the RC theory so that tools built for computational equivalence proofs can be used to verify the computationally secure protocols that are the common case in practice.

### Main Problem Description

1. **Limitations of Existing Methods**
   - The existing methods connecting UC and RC apply only to perfect UC security, where the behavior of the protocol and of the ideal functionality is exactly the same (behavioral equivalence).
   - Real-world cryptographic protocols rely on computational hardness assumptions and therefore achieve only computational UC security, where the behavior of the protocol and of the ideal functionality is indistinguishable to computationally bounded adversaries.
2. **Objectives**
   - Extend the UC-RC connection to the computational-security setting.
   - Provide a framework in which existing tools (such as CryptoVerif) can mechanically verify the UC security of computationally secure protocols.

### Solution Overview

1. **Introducing Computational Indistinguishability**
   - Replace behavioral equivalence with computational indistinguishability in both the UC and the RC theory.
   - Introduce a security parameter \(n\) and define behavior as a family of distributions indexed by \(n\) rather than as a single random variable.
   - Define the behavior of two programs as computationally indistinguishable if, for every polynomial-time environment \(Z\), the difference between the two output distributions (the advantage of \(Z\)) is negligible in \(n\).
2. **Extending RC Theory**
   - Restrict the RC theory to polynomial-time contexts and programs, and replace exact equivalence with computational indistinguishability.
   - Define a Computationally Robust Hyperproperty-Preserving Compiler (CRHC): for every polynomial-time target context, the behavior of the compiled program in that context must be computationally indistinguishable from the behavior of the source program in some polynomial-time source context.
3. **Establishing the Equivalence between UC and CRHC**
   - Prove that computational UC security and CRHC are equivalent: a protocol is computationally UC-secure if and only if the compiler relating the ideal functionality to the protocol is a CRHC.
   - Verify all relevant theorems in the Isabelle/HOL theorem prover.
4. **Application Example**
   - Use CryptoVerif to mechanically verify part of the computational UC security of the WireGuard protocol.

### Conclusion

With these extensions the paper carries the UC-RC connection over to computational security, giving a way to mechanically verify the UC security of the computationally secure protocols that dominate practice. This closes the gap left by the perfect-security-only methods and provides a foundation for further research and application.
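The two definitions paraphrased in the Solution Overview (computational indistinguishability of behaviors, and the CRHC condition), written out as an added illustration that is not taken from the paper; the symbols \(\mathrm{Beh}_n\), \(\mathrm{Adv}\), \(C_S\), \(C_T\) and \(\llbracket\cdot\rrbracket\) are assumed here for readability, and the paper's own notation may differ:

A function \(\mu : \mathbb{N} \to \mathbb{R}_{\ge 0}\) is *negligible* if for every polynomial \(p\) there is an \(n_0\) such that \(\mu(n) < 1/p(n)\) for all \(n > n_0\).

The behavior of a program \(P\) is a family of distributions \(\{\mathrm{Beh}_n(P)\}_{n \in \mathbb{N}}\), one per security parameter \(n\). For a polynomial-time environment \(Z\) that interacts with the program and outputs a single bit, define the advantage of \(Z\) at distinguishing \(P\) from \(Q\) as

\[
\mathrm{Adv}_Z(P, Q)(n) \;=\; \bigl|\,\Pr[\,Z(1^n, P) = 1\,] - \Pr[\,Z(1^n, Q) = 1\,]\,\bigr| .
\]

Two programs are computationally indistinguishable, written \(P \approx_c Q\), if \(\mathrm{Adv}_Z(P, Q)\) is negligible for every polynomial-time \(Z\). Perfect (behavioral) equivalence is the special case in which \(\mathrm{Adv}_Z(P, Q)(n) = 0\) for all \(Z\) and all \(n\), which is why the computational notion strictly generalizes the one used by the earlier, perfect-security UC-RC results.

With \(\llbracket\cdot\rrbracket\) a compiler, \(C_S\) ranging over polynomial-time source contexts and \(C_T\) over polynomial-time target contexts, the CRHC condition has the usual robust-preservation shape:

\[
\forall P.\ \forall C_T.\ \exists C_S.\quad C_S[P] \;\approx_c\; C_T[\llbracket P \rrbracket].
\]

Reading the ideal functionality as the source program and the protocol as its compilation, \(C_T\) plays the real-world adversary, the existentially chosen \(C_S\) plays the UC simulator, and the environment \(Z\) quantified inside \(\approx_c\) is the UC environment; the resulting quantifier order \(\forall C_T\ \exists C_S\ \forall Z\) matches that of the UC definition, which is the shape the equivalence theorem in the summary relies on.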