Security and composition of multiparty cryptographic protocols

Ran Canetti*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


We present general definitions of security for multiparty cryptographic protocols, with focus on the task of evaluating a probabilistic function of the parties' inputs. We show that, with respect to these definitions, security is preserved under a natural composition operation. The definitions follow the general paradigm of known definitions; yet some substantial modifications and simplifications are introduced. The composition operation is the natural "subroutine substitution" operation, formalized by Micali and Rogaway. We consider several standard settings for multiparty protocols, including the cases of eavesdropping, Byzantine, nonadaptive and adaptive adversaries, as well as the information-theoretic and the computational models. In particular, in the computational model we provide the first definition of security of protocols that is shown to be preserved under composition.

Original languageEnglish
Pages (from-to)143-202
Number of pages60
JournalJournal of Cryptology
Issue number1
StatePublished - 2000
Externally publishedYes


  • Composition of protocols
  • Multiparty cryptographic protocols
  • Secure function evaluation
  • Security of protocols


Dive into the research topics of 'Security and composition of multiparty cryptographic protocols'. Together they form a unique fingerprint.

Cite this