Perfectly Secure Message Transmission against Rational Adversaries
Secure Message Transmission (SMT) is a two-party cryptographic protocol by which the sender can securely and reliably transmit messages to the receiver using multiple channels. An adversary for SMT can corrupt a subset of the channels and make eavesdropping and tampering over the channels. In this work, we introduce a game-theoretic security model for SMT in which adversaries have some preferences for the protocol execution. We define rational "timid" adversaries who prefer to violate the security requirements, but do not prefer the tampering to be detected. Such adversaries could arise since they may fear losing their corrupted channels for which they needed some cost or risks. First, we consider the basic setting in which a single adversary attacks the protocol. We show that, even if all but one of the channels are corrupted, we can construct perfect SMT protocols against rational adversaries. In the traditional cryptographic setting, perfect SMT can be constructed only when the adversary corrupts a minority of the channels. Our results demonstrate a way of circumventing the cryptographic impossibility results by a game-theoretic approach. Next, we study the setting in which all the channels can be corrupted by multiple adversaries who do not cooperate. Since we cannot hope for any security if a single adversary corrupts all the channels or multiple adversaries cooperate maliciously, the scenario can arise from a game-theoretic model. We present several perfect SMT protocols, including a non-interactive protocol based on the idea of cheater-identifiable secret sharing. We also study the scenario in which both malicious and rational adversaries exist.
READ FULL TEXT