Adaptive versus non-adaptive security of multi-party protocols

Ran Canetti*, Ivan Damgård, Stefan Dziembowski, Yuval Ishai, Tal Malkin

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Security analysis of multi-party cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting the adversary chooses who to corrupt during the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and non-adaptive security, according to two definitions and in several models of computation. While affirming some prevailing beliefs, we also obtain some unexpected results. Some highlights of our results are: According to a more basic definition (due to Canetti), for honest-but-curious adversaries, adaptive security is equivalent to non-adaptive security when the number of parties is logarithmic, and is strictly stronger than non-adaptive security when the number of parties is super-logarithmic. For Byzantine adversaries, adaptive security is strictly stronger than non-adaptive security, for any number of parties. According to an augmented definition which is cast in an information-theoretic setting (due to Dodis, Micali, and Rogaway), adaptive and non-adaptive security are essentially equivalent. This holds for both honest-but-curious and Byzantine adversaries, and for any number of parties.

Original languageEnglish
Pages (from-to)153-207
Number of pages55
JournalJournal of Cryptology
Volume17
Issue number3
DOIs
StatePublished - Jun 2004
Externally publishedYes

Keywords

  • Adaptive security
  • Definitions of security
  • Multi-party protocols

Fingerprint

Dive into the research topics of 'Adaptive versus non-adaptive security of multi-party protocols'. Together they form a unique fingerprint.

Cite this