Cryptographic Protocols Provably Secure Against Dynamic Adversaries

  • Donald Beaver
  • Stuart Haber
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 658)


We introduce new techniques for generating and reasoning about protocols. These techniques are based on protocol transformations that depend on the nature of the adversaries under consideration. We propose a set of definitions that captures and unifies the intuitive notions of correctness, privacy, and robustness, and enables us to give concise and modular proofs that our protocols possess these desirable properties.

Using these techniques, whose major purpose is to greatly simplify the design and verification of cryptographic protocols, we show how to construct a multiparty cryptographic protocol to compute any given feasible function of the parties’ inputs. We prove that our protocol is secure against the malicious actions of any adversary, limited to feasible computation, but with the power to eavesdrop on all messages and to corrupt any dynamically chosen minority of the parties. This is the first proof of security against dynamic adversaries in the “cryptographic” model of multiparty protocols. We assume the existence of a one-way function and allow the participants to erase small portions of memory. Our result combines the superior resilience of the cryptographic setting of [GMW87] with the stronger (dynamic) fault pattern of the “non-cryptographic” setting of [BGW88,CCD88].




References

  1. L. Babai, S. Moran. “Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Classes.” J. Comput. System Sci. 36 (1988), 254–276.
  2. J. Bar-Ilan, D. Beaver. “Non-Cryptographic Fault-Tolerant Computing in a Constant Expected Number of Rounds of Interaction.” Proceedings of PODC, ACM, 1989, 201–209.
  3. D. Beaver. “Secure Multiparty Protocols and Zero Knowledge Proof Systems Tolerating a Faulty Minority.” J. Cryptology 4:2 (1991), 75–122. An earlier version appeared as “Secure Multiparty Protocols Tolerating Half Faulty Processors” in CRYPTO ’89, G. Brassard, ed., Springer-Verlag LNCS 435, 1990.
  4. D. Beaver. “Formal Definitions for Secure Distributed Protocols.” Proceedings of the DIMACS Workshop on Distributed Computing and Cryptography, Princeton, NJ, October 1989, J. Feigenbaum, M. Merritt (eds.).
  5. D. Beaver. Security, Fault Tolerance, and Communication Complexity in Distributed Systems. Ph.D. Thesis, Harvard University, Cambridge, 1990.
  6. D. Beaver. “Foundations of Secure Interactive Computation.” Proceedings of Crypto ’91 (to appear).
  7. D. Beaver, S. Goldwasser. “Multiparty Computation with Faulty Majority.” Proceedings of the 30th FOCS, IEEE, 1989, 468–473.
  8. D. Beaver, S. Micali, P. Rogaway. “The Round Complexity of Secure Protocols.” Proceedings of the 22nd STOC, ACM, 1990, 503–513.
  9. M. Bellare, O. Goldreich. “On Defining Proofs of Knowledge.” Proceedings of Crypto ’92 (to appear).
  10. M. Ben-Or, S. Goldwasser, A. Wigderson. “Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation.” Proceedings of the 20th STOC, ACM, 1988, 1–10.
  11. G. Brassard, D. Chaum, C. Crépeau. “Minimum Disclosure Proofs of Knowledge.” J. Comput. System Sci. 37 (1988), 156–189.
  12. D. Chaum, C. Crépeau, I. Damgård. “Multiparty Unconditionally Secure Protocols.” Proceedings of the 20th STOC, ACM, 1988, 11–19.
  13. B. Chor, M. Rabin. “Achieving Independence in a Logarithmic Number of Rounds.” Proceedings of the 6th PODC, ACM, 1987.
  14. U. Feige, A. Fiat, A. Shamir. “Zero Knowledge Proofs of Identity.” J. Cryptology 1:2 (1988), 77–94.
  15. P. Feldman. “One Can Always Assume Private Channels.” Unpublished manuscript, 1988.
  16. P. Feldman, S. Micali. “Optimal Algorithms for Byzantine Agreement.” Proceedings of the 20th STOC, ACM, 1988, 148–161. (The reader of this paper is referred for the relevant result to Feldman’s Ph.D. Thesis, Optimal Algorithms for Byzantine Agreement (MIT, 1988), where it apparently does not appear; but see [15].)
  17. Z. Galil, S. Haber, M. Yung. “Cryptographic Computation: Secure Fault-Tolerant Protocols and the Public-Key Model.” Proceedings of Crypto 1987, Springer-Verlag, 1988, 135–155.
  18. Z. Galil, S. Haber, M. Yung. “Minimum-Knowledge Interactive Proofs for Decision Problems.” SIAM J. Comput. 18:4 (1989), 711–739.
  19. Z. Galil, S. Haber, M. Yung. “Interactive Public-Key Cryptosystems.” Submitted for publication, 1991.
  20. S. Goldwasser, S. Micali. “Probabilistic Encryption.” J. Comput. System Sci. 28 (1984), 270–299.
  21. S. Goldwasser, S. Micali, C. Rackoff. “The Knowledge Complexity of Interactive Proof Systems.” SIAM J. Comput. 18:1 (1989), 186–208.
  22. S. Goldwasser, M. Sipser. “Private Coins vs. Public Coins in Interactive Proof Systems.” Proceedings of the 18th STOC, ACM, 1986, 59–68.
  23. O. Goldreich, S. Micali, A. Wigderson. “Proofs that Yield Nothing but Their Validity and a Methodology of Cryptographic Protocol Design.” Proceedings of the 27th FOCS, IEEE, 1986, 174–187.
  24. O. Goldreich, S. Micali, A. Wigderson. “How to Play Any Mental Game, or A Completeness Theorem for Protocols with Honest Majority.” Proceedings of the 19th STOC, ACM, 1987, 218–229.
  25. S. Goldwasser, L. Levin. “Fair Computation of General Functions in Presence of Immoral Majority.” Proceedings of Crypto 1990.
  26. J. Håstad. “Pseudo-Random Generators under Uniform Assumptions.” Proceedings of the 22nd STOC, ACM, 1990, 395–404.
  27. R. Impagliazzo, L. Levin, M. Luby. “Pseudorandom Generation from One-Way Functions.” Proceedings of the 21st STOC, ACM, 1989, 12–24.
  28. T. Rabin, M. Ben-Or. “Verifiable Secret Sharing and Multiparty Protocols with Honest Majority.” Proceedings of the 21st STOC, ACM, 1989, 73–85.
  29. A. Shamir. “How to Share a Secret.” Communications of the ACM 22 (1979), 612–613.
  30. M. Tompa, H. Woll. “Random Self-Reducibility and Zero Knowledge Interactive Proofs of Possession of Information.” Proceedings of the 28th FOCS, IEEE, 1987, 472–482.
  31. A. Yao. “Theory and Applications of Trapdoor Functions.” Proceedings of the 23rd FOCS, IEEE, 1982, 80–91.

Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

  • Donald Beaver, 313 Whitmore Lab, Penn State University, University Park, USA
  • Stuart Haber, Bellcore, Morristown, USA
