In a public-key encryption scheme,
if a sender is not concerned about the security of a message and
is unwilling to generate costly randomness,
the security of the encrypted message can be compromised.
This is caused by the \emph{laziness} of the sender.
In this work, we characterize \emph{lazy parties} in cryptography.
Lazy parties are regarded as honest parties in a protocol,
but they are not concerned about the security of the protocol in
a certain situation.
In such a situation, they behave in an honest-looking way, and are unwilling to do a costly task.
We study, in particular, public-key encryption with lazy parties.
Specifically, as the first step toward understanding the behavior of lazy parties
in public-key encryption, we consider a rather simple setting in which
the costly task is to generate randomness used in algorithms,
and parties can choose either costly good randomness or cheap bad randomness.
We model lazy parties as rational players who behaves rationally to
maximize their utilities, and define a security game between lazy parties
and an adversary.
A secure encryption scheme requires that the game is conducted by
lazy parties in a secure way if they follow a prescribed strategy,
and the prescribed strategy is a good equilibrium solution for the game.
Since a standard secure encryption scheme does not work for lazy parties,
we present some public-key encryption schemes that are secure for lazy parties.
↧