1

"the only thing the simulator can do in the ideal model is to choose the corrupted parties' inputs." Yehuda Lindell said.

1- what will happen when the corrupted parties have no inputs to the protocol? e.g. in cases that the corrupted party/parties are just some computing servers with no input.

2- in these cases, is it any relationship between security against malicious and semi-honest adversaries. As I am thinking that, as the corrupted party has no input, anything that a malicious adversary is able to do is also possible for the semi-honest adversary.

if not,

is it possible in any way to conclude security against malicious adversaries in these cases when we have proved security against semi-honest adversaries?

Community
  • 1
MH Samadani
  • 591
  • 4
  • 12

1 Answers1

2

A simulator is a thought experiment whose purpose is to:

  1. show that the adversary learns no more about the honest party's inputs than he's supposed to,

  2. show that the adversary's effect on the honest party's output is consistent with a legitimate input.

If the functionality takes no input from the corrupt party, #2 is moot but we still have #1. A canonical example is the zero-knowledge functionality, which takes no input from the verifier. When the verifier is corrupt, the purpose of the simulator is to demonstrate the zero-knowledge property.

There is no general implication between semi-honest and malicious security. Take any semi-honest protocol and modify it to add the behavior "if the other person sent me the message $(\textsf{asdf}, v)$ then send my input to that party and output $v$." Adding this behavior to the protocol doesn't affect semi-honest security since honest parties never send each other $\textsf{asdf}$ messages. But the effect on malicious security should be clear, and it has nothing to do with which party has input, etc.

Mikero
  • 14,908
  • 2
  • 35
  • 58