In this paper, we introduce the notion of {\em covert adversaries}, which we believe faithfully models the adversarial behavior in many commercial, political, and social settings. Covert adversaries have the property that they may deviate arbitrarily from the protocol specification in an attempt to cheat, but do not wish to be ``caught'' doing so. We provide a definition of security for covert adversaries and show that it is possible to obtain highly efficient protocols that are secure against such adversaries. We stress that in our definition, we quantify over all (possibly malicious) adversaries and do not assume that the adversary behaves in any particular way. Rather, we guarantee that if an adversary deviates from the protocol in a way that would enable it to ``cheat'' (meaning that it can achieve something that is impossible in an ideal model where a trusted party is used to compute the function), then the honest parties are guaranteed to detect this cheating with good probability. We argue that this level of security is sufficient in many settings.
Category / Keywords: cryptographic protocols / secure computation, adversary models, efficient computation Publication Info: An extended abstract appeared in TCC 2007. Date: received 18 Feb 2007, last revised 8 Mar 2009 Contact author: lindell at cs biu ac il Available format(s): PDF | BibTeX Citation Version: 20090308:083605 (All versions of this report) Short URL: ia.cr/2007/060 Discussion forum: Show discussion | Start new discussion