Paper 2013/496

Rational Protocol Design: Cryptography Against Incentive-driven Adversaries

Juan Garay, Jonathan Katz, Ueli Maurer, Bjoern Tackmann, and Vassilis Zikas


Existing work on “rational cryptographic protocols” treats each party (or coalition of parties) running the protocol as a selfish agent trying to maximize its utility. In this work we propose a fundamentally different approach that is better suited to modeling a protocol under attack from an external entity. Specifically, we consider a two-party game between an protocol designer and an external attacker. The goal of the attacker is to break security properties such as correctness or privacy, possibly by corrupting protocol participants; the goal of the protocol designer is to prevent the attacker from succeeding. We lay the theoretical groundwork for a study of cryptographic protocol design in this setting by providing a methodology for defining the problem within the traditional simulation paradigm. Our framework provides ways of reasoning about important cryptographic concepts (e.g., adaptive corruptions or attacks on communication resources) not handled by previous game-theoretic treatments of cryptography. We also prove composition theorems that—for the first time—provide a sound way to design rational protocols assuming “ideal communication resources” (such as broadcast or authenticated channels) and then instantiate these resources using standard cryptographic tools. Finally, we investigate the problem of secure function evaluation in our framework, where the attacker has to pay for each party it corrupts. Our results demonstrate how knowledge of the attacker’s incentives can be used to

Available format(s)
Publication info
Published elsewhere. MAJOR revision.FOCS 2013
Cryptographic ProtocolsGame TheorySecure ComputationComposition
Contact author(s)
vzikas @ cs ucla edu
2013-08-15: revised
2013-08-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Juan Garay and Jonathan Katz and Ueli Maurer and Bjoern Tackmann and Vassilis Zikas},
      title = {Rational Protocol Design: Cryptography Against Incentive-driven Adversaries},
      howpublished = {Cryptology ePrint Archive, Paper 2013/496},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.