Paper 1998/018

Security and Composition of Multi-party Cryptographic Protocols

Ran Canetti


We present general definitions of security for multiparty cryptographic protocols and show that, using these definitions, security is preserved under a natural composition method. The definitions follow the general paradigm of known definitions; yet some substantial modifications and simplifications are introduced. In particular, `black-box simulation' is no longer required. The composition method is essentially the natural `subroutine substitution' method suggested by Micali and Rogaway. We first present the general definitional approach. Next we consider several settings for multiparty protocols. These include the cases of non-adaptive and adaptive adversaries, as well as the information-theoretic and the computational models.

Available format(s)
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Multiparty cryptographic protocolssecurity of protocolssecure composition of protocols.
Contact author(s)
canetti @ watson ibm com
1999-08-01: last of 3 revisions
1998-06-04: received
Short URL
Creative Commons Attribution


      author = {Ran Canetti},
      title = {Security and Composition of Multi-party Cryptographic Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 1998/018},
      year = {1998},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.