Malicious vs Rational Behavior
Kadri TõldseppMar 06

It is a standard assumption in Cryptography and Security that participating parties can exhibit arbitrary adversarial behavior, by "maliciously" not cooperating along the execution of the suggested cryptographic protocol, deviating from it in the worst possible way for us, the designers of such algorithms.

But is this really a "realistic", even a necessary assumption to make? Is it possible that this is a very pessimistic approach? One can argue that agents can and will deviate from "desired" behavior, but only if this is to result in a higher personal gain for them. Ie, the participating parties are just "selfish", but not "malicious" in an arbitrary way.


This concept is exactly captured by the emerging field of Rational Cryptography, where the participants' behavior is modeled in a game theoretic way: they all have well-defined utilities over the possible outcomes of the protocol and they will just "play" with only one objective in mind, that of maximizing their own utility. Under this new model, already existing well-known impossibility results about the limitations of standard cryptography can be bypassed and revisited, and an entirely new perspective opens up many paths for a new, fresh and possibly more "realistic" approach to critical applications.

During the first year of UaESMC we reviewed  the already extensive literature in this interplay between Game Theory and  Secure Mutli-party Computation, and pointed-out a possible future direction that can give a further push towards the further integration of the two fields  (see D3.1 for more information).