Ran Canetti, Ivan Damgård,
Stefan Dziembowski, Yuval Ishai, and Tal Malkin
On Adaptive vs. Non-adaptive Security of Multiparty Protocols
Advances in Cryptology - EUROCRYPT '01, Lecture Notes in Computer Science, Springer-Verlag, vol. 2045, pp. 262-279, May 2001.
Abstract Security analysis of multiparty cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting, the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting, the adversary chooses who to corrupt during the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and non-adaptive security, according to two definitions and in several models of computation. While affirming some prevailing beliefs, we also obtain some unexpected results. Some highlights of our results are:
On Adaptive vs. Non-adaptive Security of Multiparty Protocols
Advances in Cryptology - EUROCRYPT '01, Lecture Notes in Computer Science, Springer-Verlag, vol. 2045, pp. 262-279, May 2001.
Abstract Security analysis of multiparty cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting, the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting, the adversary chooses who to corrupt during the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and non-adaptive security, according to two definitions and in several models of computation. While affirming some prevailing beliefs, we also obtain some unexpected results. Some highlights of our results are:
- According to the definition of
Dodis-Micali-Rogaway (which is set in the information-theoretic model),
adaptive and non-adaptive security are equivalent. This holds for both
honest-but-curious and Byzantine adversaries, and for any number of
parties.
- According to the definition of Canetti, for honest-but-curious adversaries, adaptive security is equivalent to non-adaptive security when the number of parties is logarithmic, and is strictly stronger than non-adaptive security when the number of parties is super-logarithmic. For Byzantine adversaries, adaptive security is strictly stronger than non-adaptive security, for any number of parties.