On Adaptive vs. Non-adaptive Security of Multiparty Protocols
نویسندگان
چکیده
Security analysis of multiparty cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting, the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting, the adversary chooses who to corrupt during the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and non-adaptive security, according to two definitions and in several models of computation. While affirming some prevailing beliefs, we also obtain some unexpected results. Some highlights of our results are: – According to the definition of Dodis-Micali-Rogaway (which is set in the information-theoretic model), adaptive and non-adaptive security are equivalent. This holds for both honest-but-curious and Byzantine adversaries, and for any number of parties. – According to the definition of Canetti, for honest-but-curious adversaries, adaptive security is equivalent to non-adaptive security when the number of parties is logarithmic, and is strictly stronger than non-adaptive security when the number of parties is superlogarithmic. For Byzantine adversaries, adaptive security is strictly stronger than non-adaptive security, for any number of parties.
منابع مشابه
Adaptively Secure Multi-Party Computation with Dishonest Majority
Adaptively secure multiparty computation is an essential and fundamental notion in cryptography. In this work we focus on the basic question of constructing a multiparty computation protocol secure against a malicious, adaptive adversary in the stand-alone setting without assuming an honest majority, in the plain model. It has been believed that this question can be resolved by composing known ...
متن کاملEfficient Multiparty Computations Secure Against an Adaptive Adversary
We consider veriiable secret sharing (VSS) and multiparty computation (MPC) in the secure-channels model, where a broadcast channel is given and a non-zero error probability is allowed. In this model Rabin and Ben-Or proposed VSS and MPC protocols secure against an adversary that can corrupt any minority of the players. In this paper, we rst observe that a subprotocol of theirs, known as weak s...
متن کاملUniversally Composable Adaptive Oblivious Transfer
In an oblivious transfer (OT) protocol, a Sender with messages M1, . . . ,MN and a Receiver with indices σ1, . . . , σk ∈ [1, N ] interact in such a way that at the end the Receiver obtains Mσ1 , . . . ,Mσk without learning anything about the other messages and the Sender does not learn anything about σ1, . . . , σk. In an adaptive protocol, the Receiver may obtain Mσi−1 before deciding on σi. ...
متن کاملIncoercible Multiparty Computation
Current secure multiparty protocols have the following deficiency. The public transcript of the communication can be used as an involuntary commitment of the parties to their inputs and outputs. Thus parties can be later coerced by some authority to reveal their private data. Previous work that has pointed this interesting problem out contained only partial treatment. In this work we present th...
متن کاملAdaptively Secure, Universally Composable, Multiparty Computation in Constant Rounds
Cryptographic protocols with adaptive security ensure that security holds against an adversary who can dynamically determine which parties to corrupt as the protocol progresses—or even after the protocol is finished. In the setting where all parties may potentially be corrupted, and secure erasure is not assumed, it has been a long-standing open question to design secure-computation protocols w...
متن کامل