Cryptology ePrint Archive: Report 2013/496

Rational Protocol Design: Cryptography Against Incentive-driven Adversaries

Juan Garay and Jonathan Katz and Ueli Maurer and Bjoern Tackmann and Vassilis Zikas

Abstract: Existing work on “rational cryptographic protocols” treats each party (or coalition of parties) running the protocol as a selfish agent trying to maximize its utility. In this work we propose a fundamentally different approach that is better suited to modeling a protocol under attack from an external entity. Specifically, we consider a two-party game between an protocol designer and an external attacker. The goal of the attacker is to break security properties such as correctness or privacy, possibly by corrupting protocol participants; the goal of the protocol designer is to prevent the attacker from succeeding.

We lay the theoretical groundwork for a study of cryptographic protocol design in this setting by providing a methodology for defining the problem within the traditional simulation paradigm. Our framework provides ways of reasoning about important cryptographic concepts (e.g., adaptive corruptions or attacks on communication resources) not handled by previous game-theoretic treatments of cryptography. We also prove composition theorems that—for the first time—provide a sound way to design rational protocols assuming “ideal communication resources” (such as broadcast or authenticated channels) and then instantiate these resources using standard cryptographic tools.

Finally, we investigate the problem of secure function evaluation in our framework, where the attacker has to pay for each party it corrupts. Our results demonstrate how knowledge of the attacker’s incentives can be used to

Category / Keywords: foundations / Cryptographic Protocols, Game Theory, Secure Computation, Composition

Original Publication (with major differences): FOCS 2013

Date: received 13 Aug 2013, last revised 15 Aug 2013

Contact author: vzikas at cs ucla edu

Available format(s): PDF | BibTeX Citation

Version: 20130815:164401 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]