Game-Theoretic Security for Two-Party Protocols

Asharov, Canetti, and Hazay (Eurocrypt 2011) studied how game-theoretic concepts can be used to capture the cryptographic properties of correctness, privacy, and fairness in two-party protocols for failstop adversaries. In this work, we further study the characterization of the cryptographic properties of specific two-party protocols, oblivious transfer (OT) and commitment, in terms of game theory. Specifically, for each protocol, OT and commitment, we define a two-party game between rational sender and receiver together with their utility functions. Then, we prove that a given protocol satisfies cryptographic properties if and only if the strategy of following the protocol is in a Nash equilibrium. Compared to the previous work of Asharov et al., our characterization has several advantages: The game is played by multiple rational parties; All the cryptographic properties of OT/commitment are characterized by a single game; Security for malicious adversaries is considered; Utility functions are specified in general forms based on the preferences of the parties; A solution concept employed is a plain Nash equilibrium. Based on the above equivalence between game-theoretic and cryptographic security, we introduce a new game-theoretic security by considering several unsatisfactory points in the utility functions of the game-theoretic framework. Then, we show that it is equivalent to the cryptographic security against riskaverse adversaries, who behave maliciously, but does not act in a way that can cause the other party’s successful attacks. Our results indicate that the security against risk-averse adversaries may be more natural from the perspective of game theory.