Journal of Cryptology

, Volume 13, Issue 1, pp 143–202 | Cite as

Security and Composition of Multiparty Cryptographic Protocols

  • Ran Canetti


We present general definitions of security for multiparty cryptographic protocols, with focus on the task of evaluating a probabilistic function of the parties' inputs. We show that, with respect to these definitions, security is preserved under a natural composition operation.

The definitions follow the general paradigm of known definitions; yet some substantial modifications and simplifications are introduced. The composition operation is the natural ``subroutine substitution'' operation, formalized by Micali and Rogaway.

We consider several standard settings for multiparty protocols, including the cases of eavesdropping, Byzantine, nonadaptive and adaptive adversaries, as well as the information-theoretic and the computational models. In particular, in the computational model we provide the first definition of security of protocols that is shown to be preserved under composition.

Key words. Multiparty cryptographic protocols, Security of protocols, Secure function evaluation, Composition of protocols. 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Cryptologic Research 2000

Authors and Affiliations

  • Ran Canetti
    • 1
  1. 1.IBM T.J. Watson Research CenterU.S.A.

Personalised recommendations