To prove UC-security (universally composable security) of a commitment scheme, we must show that a commitment scheme is extractable and equivocal.
That is, we must construct a simulator that is able to extract the commitment of an adversary corrupting the sender (extractability) and construct a simulator that is able to open anything for an adversary corrupting the receiver given a commitment (equivocal).
Consider this commitment scheme in the Random Oracle Model:
It seems to me that this protocol is UC-secure since the simulator has control of the random oracle. Thus, it can always know the message $M$ by looking at the calls to the random oracle. The simulator can also open any message $M'$ it wants by returning $c$ to future queries of $M'$ by the adversary corrupting the receiver.
My questions are:
No, your construction is insecure; specifically, it fails to be hiding. A receiver who has a guess of $M$ can simply check whether $H(M)=c$ since $H$ is public. You can see that your suggested simulation strategy fails when the adversary has already queried $H$ on $M$ before the simulator learns that the commitment should hold $M$. The argument to $H$ should have high entropy even conditioned on a correct guess of $M$. Change the construction to $H(M\|r)$ for long random $r$ and you have the standard folklore commitment in the random oracle model.
Naively using a random oracle in the UC model is kind of like cheating. You get a totally independent random oracle for each protocol instance. It's not a great model for a supposedly public object. Those papers you reference try to use a random oracle in a less "cheaty" way, so their protocols have to work harder. Also, at least the first paper avoids having the simulator program the oracle's outputs (non-programmable random oracle model), which is often seen as more palatable.
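The simulation argument discussed above can be run as a small model. This is an added example, not code from the question or the answer: `ProgrammableRO` and `sim_equivocate` are hypothetical names, the oracle is a lazily sampled table owned by the simulator, and the messages are constructed sample values.

```python
import secrets

class ProgrammableRO:
    """Lazily sampled random oracle whose table the simulator owns (assumed model)."""
    def __init__(self, out_len=32):
        self.table = {}            # query -> fixed answer
        self.out_len = out_len

    def query(self, x: bytes) -> bytes:
        if x not in self.table:
            self.table[x] = secrets.token_bytes(self.out_len)
        return self.table[x]

    def program(self, x: bytes, y: bytes) -> bool:
        """Try to set H(x) = y. An already answered point cannot be changed."""
        if x in self.table:
            return self.table[x] == y
        self.table[x] = y
        return True

    def extract(self, c: bytes):
        """Extractability: find the query that produced c, if one was made."""
        return next((x for x, y in self.table.items() if y == c), None)

def sim_equivocate(ro, receiver_guesses, target_m, r_len):
    """Simulator sends a dummy commitment c before it knows the message,
    the corrupted receiver tests its guesses against the public oracle,
    then the simulator tries to open c to target_m.
    r_len == 0 models plain H(M); r_len > 0 models H(M || r)."""
    c = secrets.token_bytes(ro.out_len)
    for g in receiver_guesses:     # receiver checks H(g) == c for each guess
        ro.query(g)
    r = secrets.token_bytes(r_len)
    return ro.program(target_m + r, c), c, r

if __name__ == "__main__":
    guesses = [b"yes", b"no"]      # constructed low-entropy message space
    print("H(M):     equivocation ok =", sim_equivocate(ProgrammableRO(), guesses, b"yes", 0)[0])
    print("H(M || r): equivocation ok =", sim_equivocate(ProgrammableRO(), guesses, b"yes", 32)[0])
```

With plain $H(M)$ the receiver's earlier query has already fixed $H(M)$ to a value other than $c$, so programming fails; with a 32-byte $r$ the point $M\|r$ is unqueried except with negligible probability and the opening succeeds.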