Cryptographic Protocols Provably Secure Against Dynamic Adversaries

We introduce new techniques for generating and reasoning about protocols. These techniques are based on protocol transformations that depend on the nature of the adversaries under consideration. We propose a set of definitions that captures and unifies the intuitive notions of correctness, privacy, and robustness, and that enables us to give concise and modular proofs that our protocols possess these desirable properties. Using these techniques, whose major purpose is to greatly simplify the design and verification of cryptographic protocols, we show how to construct a multiparty cryptographic protocol to compute any given feasible function of the parties' inputs. We prove that our protocol is secure against the malicious actions of any adversary that is limited to feasible computation but has the power to eavesdrop on all messages and to corrupt any dynamically chosen minority of the parties. This is the first proof of security against dynamic adversaries in the "cryptographic" model of multiparty protocols. We assume the existence of a one-way function and allow the participants to erase small portions of memory. Our result combines the superior resilience of the cryptographic setting of [GMW87] with the stronger (dynamic) fault pattern of the "non-cryptographic" setting of [BGW88, CCD88].

[1] Adi Shamir. How to share a secret, 1979, CACM.

[2] Andrew Chi-Chih Yao. Theory and application of trapdoor functions, 1982, 23rd Annual Symposium on Foundations of Computer Science (SFCS 1982).

[3] Andrew Chi-Chih Yao. Theory and Applications of Trapdoor Functions (Extended Abstract), 1982, FOCS.

[4] Moti Yung, et al. A private interactive test of a boolean predicate and minimum-knowledge public-key cryptosystems, 1985, 26th Annual Symposium on Foundations of Computer Science (SFCS 1985).

[5] Shafi Goldwasser, et al. Private coins versus public coins in interactive proof systems, 1986, STOC '86.

[6] Silvio Micali, et al. Proofs that yield nothing but their validity and a methodology of cryptographic protocol design, 1986, 27th Annual Symposium on Foundations of Computer Science (SFCS 1986).

[7] Moti Yung, et al. Cryptographic Computation: Secure Fault-Tolerant Protocols and the Public-Key Model, 1987, CRYPTO.

[8] Martin Tompa, et al. Random self-reducibility and zero knowledge interactive proofs of possession of information, 1987, 28th Annual Symposium on Foundations of Computer Science (SFCS 1987).

[9] Michael O. Rabin, et al. Achieving independence in logarithmic number of rounds, 1987, PODC '87.

[10] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[11] László Babai, et al. Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Classes, 1988, J. Comput. Syst. Sci.

[12] David Chaum, et al. Minimum Disclosure Proofs of Knowledge, 1988, J. Comput. Syst. Sci.

[13] Silvio Micali, et al. Optimal algorithms for Byzantine agreement, 1988, STOC '88.

[14] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[15] David Chaum, et al. Multiparty unconditionally secure protocols, 1988, STOC '88.

[16] Moti Yung, et al. Minimum-Knowledge Interactive Proofs for Decision Problems, 1989, SIAM J. Comput.

[17] Judit Bar-Ilan, et al. Non-cryptographic fault-tolerant computing in constant number of rounds of interaction, 1989, PODC '89.

[18] Silvio Micali, et al. The Knowledge Complexity of Interactive Proof Systems, 1989, SIAM J. Comput.

[19] Tal Rabin, et al. Verifiable secret sharing and multiparty protocols with honest majority, 1989, STOC '89.

[20] Donald Beaver. Multiparty Protocols Tolerating Half Faulty Processors, 1989, CRYPTO.

[21] Leonid A. Levin, et al. Pseudo-random generation from one-way functions, 1989, STOC '89.

[22] Donald Beaver, et al. Multiparty computation with faulty majority, 1989, 30th Annual Symposium on Foundations of Computer Science.

[23] Donald Beaver. Formal Definitions for Secure Distributed Protocols, 1989, Distributed Computing and Cryptography.

[24] Leonid A. Levin, et al. Fair Computation of General Functions in Presence of Immoral Majority, 1990, CRYPTO.

[25] Johan Håstad. Pseudo-random generators under uniform assumptions, 1990, STOC '90.

[26] Silvio Micali, et al. The round complexity of secure protocols, 1990, STOC '90.

[27] Donald Beaver. Foundations of Secure Interactive Computing, 1991, CRYPTO.

[28] J. Feigenbaum, et al. Distributed computing and cryptography: proceedings of a DIMACS workshop held at the Nassau Inn in Princeton, New Jersey, October 4-6, 1989, 1991.

[29] Mihir Bellare, et al. On Defining Proofs of Knowledge, 1992, CRYPTO.

[30] Amos Fiat, et al. Zero-knowledge proofs of identity, 1988, Journal of Cryptology.

[31] Michael Rabin, et al. Security, fault tolerance, and communication complexity in distributed systems, 1990.