TY - JOUR
T1 - A note on universal composable zero-knowledge in the common reference string model
AU - Yao, Andrew C.C.
AU - Yao, Frances F.
AU - Zhao, Yunlei
PY - 2009/3/6
Y1 - 2009/3/6
N2 - Pass observed that universal composable zero-knowledge (UCZK) protocols in the common reference string (CRS) model lose deniability, which is a natural security property and implication of the ZK functionality in accordance with the UC framework. An open problem (or natural query) raised in the literature is: are there any other essential security properties, other than the well-known deniability property, that could be lost by UCZK in the CRS model, in comparison with the ZK functionality in accordance with the UC framework? In this work, we answer this open question (or natural query) by showing that, when running concurrently with other protocols, UCZK in the CRS model can lose the proof of knowledge (POK) property, which is a very essential and core security implication of the ZK functionality. This is demonstrated by a concrete attack against naturally existing UCZK protocols in the CRS model. Then, motivated by our attack, we further clarify the reasons underlying the concrete attack, and investigate the precise security guarantee of UC with CRS.
AB - Pass observed that universal composable zero-knowledge (UCZK) protocols in the common reference string (CRS) model lose deniability, which is a natural security property and implication of the ZK functionality in accordance with the UC framework. An open problem (or natural query) raised in the literature is: are there any other essential security properties, other than the well-known deniability property, that could be lost by UCZK in the CRS model, in comparison with the ZK functionality in accordance with the UC framework? In this work, we answer this open question (or natural query) by showing that, when running concurrently with other protocols, UCZK in the CRS model can lose the proof of knowledge (POK) property, which is a very essential and core security implication of the ZK functionality. This is demonstrated by a concrete attack against naturally existing UCZK protocols in the CRS model. Then, motivated by our attack, we further clarify the reasons underlying the concrete attack, and investigate the precise security guarantee of UC with CRS.
KW - Common reference string
KW - Cryptographic protocols
KW - Proof of knowledge
KW - Universal composability
KW - Zero-knowledge
UR - https://www.scopus.com/pages/publications/59649083650
U2 - 10.1016/j.tcs.2008.10.027
DO - 10.1016/j.tcs.2008.10.027
M3 - Article
AN - SCOPUS:59649083650
SN - 0304-3975
VL - 410
SP - 1099
EP - 1108
JO - Theoretical Computer Science
JF - Theoretical Computer Science
IS - 11
ER -