Security against covert adversaries: Efficient protocols for realistic adversaries

Research output: Contribution to journalArticlepeer-review

106 Scopus citations


In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their private inputs. The computation should be carried out in a secure way, meaning that no coalition of corrupted parties should be able to learn more than specified or somehow cause the result to be "incorrect." Typically, corrupted parties are either assumed to be semi-honest (meaning that they follow the protocol specification) or malicious (meaning that they may deviate arbitrarily from the protocol). However, in many settings, the assumption regarding semi-honest behavior does not suffice and security in the presence of malicious adversaries is excessive and expensive to achieve. In this paper, we introduce the notion of covert adversaries, which we believe faithfully models the adversarial behavior in many commercial, political, and social settings. Covert adversaries have the property that they may deviate arbitrarily from the protocol specification in an attempt to cheat, but do not wish to be "caught" doing so. We provide a definition of security for covert adversaries and show that it is possible to obtain highly efficient protocols that are secure against such adversaries. We stress that in our definition, we quantify over all (possibly malicious) adversaries and do not assume that the adversary behaves in any particular way. Rather, we guarantee that if an adversary deviates from the protocol in a way that would enable it to "cheat" (meaning that it can achieve something that is impossible in an ideal model where a trusted party is used to compute the function), then the honest parties are guaranteed to detect this cheating with good probability. We argue that this level of security is sufficient in many settings.

Original languageEnglish
Pages (from-to)281-343
Number of pages63
JournalJournal of Cryptology
Issue number2
StatePublished - Apr 2010

Bibliographical note

Funding Information:
An extended abstract of this work appeared in the 4th Theory of Cryptography Conference. Work supported in part by an Infrastructures Grant from the Ministry of Science, Israel. The second author was also supported by The Israel Science Foundation (Grant No. 781/07).


  • Covert adversaries
  • Efficient constructions
  • Secure two-party computation
  • Simulation paradigm


Dive into the research topics of 'Security against covert adversaries: Efficient protocols for realistic adversaries'. Together they form a unique fingerprint.

Cite this