Cryptology ePrint Archive: Report 2001/017

On adaptive vs. non-adaptive security of multiparty protocols

Ran Canetti and Ivan Damgard and Stefan Dziembowski and Yuval Ishai and Tal Malkin

Abstract: Security analysis of multiparty cryptographic protocols distinguishes between two types of adversarial settings: In the non-adaptive setting, the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting, the adversary chooses who to corrupt during the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and non-adaptive security, according to two definitions and in several models of computation. While affirming some prevailing beliefs, we also obtain some unexpected results. Some highlights of our results are:

o According to the definition of Dodis-Micali-Rogaway (which is set in the information-theoretic model), adaptive and non-adaptive security are equivalent. This holds for both honest-but-curious and Byzantine adversaries, and for any number of parties.

o According to the definition of Canetti, for honest-but-curious adversaries, adaptive security is equivalent to non-adaptive security when the number of parties is logarithmic, and is strictly stronger than non-adaptive security when the number of parties is super-logarithmic. For Byzantine adversaries, adaptive security is strictly stronger than non-adaptive security, for any number of parties.

Category / Keywords: foundations / adaptiveness, distributed cryptography, foundations

Publication Info: Proceedings of Eurocrypt 2001

Date: received 27 Feb 2001

Contact author: stefand at brics dk

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20010227:155919 (All versions of this report)

Short URL: ia.cr/2001/017