International Association
for Cryptologic Research

In a public-key encryption scheme,

if a sender is not concerned about the security of a message and

is unwilling to generate costly randomness,

the security of the encrypted message can be compromised.

This is caused by the \\emph{laziness} of the sender.

In this work, we characterize \\emph{lazy parties} in cryptography.

Lazy parties are regarded as honest parties in a protocol,

but they are not concerned about the security of the protocol in

a certain situation.

In such a situation, they behave in an honest-looking way, and are unwilling to do a costly task.

We study, in particular, public-key encryption with lazy parties.

Specifically, as the first step toward understanding the behavior of lazy parties

in public-key encryption, we consider a rather simple setting in which

the costly task is to generate randomness used in algorithms,

and parties can choose either costly good randomness or cheap bad randomness.

We model lazy parties as rational players who behaves rationally to

maximize their utilities, and define a security game between lazy parties

and an adversary.

A secure encryption scheme requires that the game is conducted by

lazy parties in a secure way if they follow a prescribed strategy,

and the prescribed strategy is a good equilibrium solution for the game.

Since a standard secure encryption scheme does not work for lazy parties,

we present some public-key encryption schemes that are secure for lazy parties.