"Simulator Based" vs "Game Based" security proof for a two-party computation protocol

I am trying to find out how to write a security proof for a two-party computation problem.

I have read some examples of how to write simulators, like the $x_1 \wedge x_2$ problem and the example in Goldreich's book. I have also read some parts of Lindell's tutorial. But I am still unsure about my understanding. I have also seen the paper which uses the game-based approach for its security analysis. I have also read this question.

My questions are:

  1. Can I use the game-based approach to write my security proof for a two-party computation problem, since there are only two parties involved? Or MUST I always use the simulator-based approach to write the security proof for any multi-party (and two-party) computation problem?

  2. Does a privacy-preserving multi-party computation scheme (like the paper I mentioned) offer fewer security guarantees? In other words, does a secure multi-party computation problem which uses a simulation-based proof capture more security concerns than privacy alone?
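The $x_1 \wedge x_2$ example the question refers to, as an added illustration (not part of the original post, of Goldreich's book, or of Lindell's tutorial): a constructed, deliberately naive AND protocol in which party 1 sends its bit in the clear, a simulator for a corrupted party 2 that only gets $(x_2, y)$ from the ideal functionality, and a brute-force distinguisher that checks, for every input pair, whether the simulated view matches the real view. The function names and the protocol are my own assumptions for this illustration.

```python
from itertools import product

# Ideal functionality: f(x1, x2) = x1 AND x2; both parties receive only y.
def ideal_and(x1: int, x2: int) -> int:
    return x1 & x2

# Constructed (insecure) real protocol: party 1 sends x1 in the clear and
# party 2 computes the AND. Party 2's view is (own input, received message, output).
def real_view_party2(x1: int, x2: int) -> tuple:
    msg = x1
    y = msg & x2
    return (x2, msg, y)

# Simulator for a corrupted party 2. In the ideal world it learns only x2 and
# the output y, and must fabricate the message party 1 "sent".
def sim_view_party2(x2: int, y: int) -> tuple:
    if x2 == 1:
        fake_msg = y   # y = x1 AND 1 = x1, so the message is fully determined by y
    else:
        fake_msg = 0   # y = 0 whatever x1 is; the simulator can only guess x1
    return (x2, fake_msg, y)

# Distinguisher: since every view here is deterministic, "indistinguishable"
# collapses to equality. Returns the input pairs on which the simulation fails,
# i.e. on which party 2 learns something the ideal functionality would not reveal.
def simulation_failures() -> list:
    failures = []
    for x1, x2 in product((0, 1), repeat=2):
        real = real_view_party2(x1, x2)
        sim = sim_view_party2(x2, ideal_and(x1, x2))
        if real != sim:
            failures.append((x1, x2))
    return failures

if __name__ == "__main__":
    print("inputs where no simulator can match the real view:", simulation_failures())
```

The single failing case is $(x_1, x_2) = (1, 0)$: the ideal output is 0, which is consistent with either value of $x_1$, yet the real view hands party 2 the bit $x_1 = 1$, which is exactly the leakage a simulation-based proof is designed to catch.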

lamontap
Game-based security definitions are usually weaker than simulation-based. So simulation-based is preferable, but is also arguably harder to prove and sometimes requires more assumptions. The advantage of simulation-based is that protocols retain their security when composed (e.g. universal composability). The term "privacy preserving" is used loosely and doesn't have a formal definition as far as I know.
Note that indeed protocols proved under simulation-based security can be composed. But by default you can only do sequential composition. For protocols to be universally composable, they need to be proved in the UC model involving an "environment".
m123
@lamontap: Why is game-based security considered to be weaker? In the game-based approach, we also do not limit the strategy of the adversary, and it is guaranteed that the adversary learns nothing undesired. Isn't it exactly the same as what we are achieving via simulation? Is there any example that can be proved secure by the game-based approach, but is insecure in reality or via simulation?
lamontap
"Weaker" in the sense that game-based definitions (also sometimes called standalone) usually don't provide guarantees when multiple instances of the protocol are composed.