How to Incentivize Data-Driven Collaboration Among Competing Parties

The availability of vast amounts of data is changing how we can make medical discoveries, predict global market trends, save energy, and develop educational strategies. In some settings such as Genome Wide Association Studies or deep learning, sheer size of data seems critical. When data is held distributedly by many parties, they must share it to reap its full benefits. One obstacle to this revolution is the lack of willingness of different parties to share data, due to reasons such as loss of privacy or competitive edge. Cryptographic works address privacy aspects, but shed no light on individual parties' losses/gains when access to data carries tangible rewards. Even if it is clear that better overall conclusions can be drawn from collaboration, are individual collaborators better off by collaborating? Addressing this question is the topic of this paper. * We formalize a model of n-party collaboration for computing functions over private inputs in which participants receive their outputs in sequence, and the order depends on their private inputs. Each output "improves" on preceding outputs according to a score function. * We say a mechanism for collaboration achieves collaborative equilibrium if it ensures higher reward for all participants when collaborating (rather than working alone). We show that in general, computing a collaborative equilibrium is NP-complete, yet we design efficient algorithms to compute it in a range of natural model settings. Our collaboration mechanisms are in the standard model, and thus require a central trusted party; however, we show this assumption is unnecessary under standard cryptographic assumptions. We show how to implement the mechanisms in a decentralized way with new extensions of secure multiparty computation that impose order/timing constraints on output delivery to different players, as well as privacy and correctness

Secure Multiparty Computation with Partial Fairness

A protocol for computing a functionality is secure if an adversary in this protocol cannot cause more harm than in an ideal computation where parties give their inputs to a trusted party which returns the output of the functionality to all parties. In particular, in the ideal model such computation is fair -- all parties get the output. Cleve (STOC 1986) proved that, in general, fairness is not possible without an honest majority. To overcome this impossibility, Gordon and Katz (Eurocrypt 2010) suggested a relaxed definition -- 1/p-secure computation -- which guarantees partial fairness. For two parties, they construct 1/p-secure protocols for functionalities for which the size of either their domain or their range is polynomial (in the security parameter). Gordon and Katz ask whether their results can be extended to multiparty protocols. We study 1/p-secure protocols in the multiparty setting for general functionalities. Our main result is constructions of 1/p-secure protocols when the number of parties is constant provided that less than 2/3 of the parties are corrupt. Our protocols require that either (1) the functionality is deterministic and the size of the domain is polynomial (in the security parameter), or (2) the functionality can be randomized and the size of the range is polynomial. If the size of the domain is constant and the functionality is deterministic, then our protocol is efficient even when the number of parties is O(log log n) (where n is the security parameter). On the negative side, we show that when the number of parties is super-constant, 1/p-secure protocols are not possible when the size of the domain is polynomial

Efficient Secure Computation with Garbled Circuits

Abstract. Secure two-party computation enables applications in which partic-ipants compute the output of a function that depends on their private inputs, without revealing those inputs or relying on any trusted third party. In this pa-per, we show the potential of building privacy-preserving applications using gar-bled circuits, a generic technique that until recently was believed to be too ineffi-cient to scale to realistic problems. We present a Java-based framework that uses pipelining and circuit-level optimizations to build efficient and scalable privacy-preserving applications. Although the standard garbled circuit protocol assumes a very week, honest-but-curious adversary, techniques are available for convert-ing such protocols to resist stronger adversaries, including fully malicious adver-saries. We summarize approaches to producing malicious-resistant secure com-putations that reduce the costs of transforming a protocol to be secure against stronger adversaries. In addition, we summarize results on ensuring fairness, the property that either both parties receive the result or neither party does. Several open problems remain, but as theory and pragmatism advance, secure computa-tion is approaching the point where it offers practical solutions for a wide variety of important problems.

BBB-Voting: 1-out-of-k Blockchain-Based Boardroom Voting

Voting is a means to agree on a collective decision based on available choices (e.g., candidates), where participants (voters) agree to abide by their outcome. To improve some features of e-voting, decentralized solutions based on a blockchain can be employed, where the blockchain represents a public bulletin board that in contrast to a centralized bulletin board provides $100\%$ availability and censorship resistance. A blockchain ensures that all entities in the voting system have the same view of the actions made by others due to its immutable and append-only log. The existing blockchain-based boardroom voting solution called Open Voting Network (OVN) provides the privacy of votes and perfect ballot secrecy, but it supports only two candidates. We present BBB-Voting, an equivalent blockchain-based approach for decentralized voting than OVN, but in contrast to it, BBB-Voting supports 1-out-of-$k$ choices and provides a fault tolerance mechanism that enables recovery from stalling participants. We provide a cost-optimized implementation using Ethereum, which we compare with OVN and show that our work decreases the costs for voters by $13.5\%$ in terms of gas consumption. Next, we outline the extension of our implementation scaling to magnitudes higher number of participants than in a boardroom voting, while preserving the costs paid by the authority and participants -- we made proof-of-concept experiments with up to 1000 participants

Some Efficient Solutions to Yao's Millionaire Problem

We present three simple and efficient protocol constructions to solve Yao's Millionaire Problem when the parties involved are non-colluding and semi-honest. The first construction uses a partially homomorphic Encryption Scheme and is a 4-round scheme using 2 encryptions, 2 homomorphic circuit evaluations (subtraction and XOR) and a single decryption. The second construction uses an untrusted third party and achieves a communication overhead linear in input bit-size with the help of an order preserving function.Moreover, the second construction does not require an apriori input bound and can work on inputs of different bit-sizes. The third construction does not use a third party and, even though, it has a quadratic communication overhead, it is a fairly simple construction.Comment: 17 page