2,794 research outputs found

    Legally Fair Contract Signing Without Keystones

    In two-party computation, achieving both fairness and guaranteed output delivery is well known to be impossible. Despite this limitation, many approaches provide solutions of practical interest by weakening somewhat the fairness requirement. Such approaches fall roughly in three categories: "gradual release" schemes assume that the aggrieved party can eventually reconstruct the missing information; "optimistic schemes" assume a trusted third party arbitrator that can restore fairness in case of litigation; and "concurrent" or "legally fair" schemes in which a breach of fairness is compensated by the aggrieved party having a digitally signed cheque from the other party (called the keystone). In this paper we describe and analyse a new contract signing paradigm that doesn't require keystones to achieve legal fairness, and give a concrete construction based on Schnorr signatures which is compatible with standard Schnorr signatures and provably secure.

    Contracts Ex Machina

    Smart contracts are self-executing digital transactions using decentralized cryptographic mechanisms for enforcement. They were theorized more than twenty years ago, but the recent development of Bitcoin and blockchain technologies has rekindled excitement about their potential among technologists and industry. Startup companies and major enterprises alike are now developing smart contract solutions for an array of markets, purporting to offer a digital bypass around traditional contract law. For legal scholars, smart contracts pose a significant question: Do smart contracts offer a superior solution to the problems that contract law addresses? In this article, we aim to understand both the potential and the limitations of smart contracts. We conclude that smart contracts offer novel possibilities, may significantly alter the commercial world, and will demand new legal responses. But smart contracts will not displace contract law. Understanding why not brings into focus the essential role of contract law as a remedial institution. In this way, smart contracts actually illuminate the role of contract law more than they obviate it.

    Secure Computation with Non-Equivalent Penalties in Constant Rounds

    It is known that Bitcoin makes it possible to achieve fairness in secure computation by imposing a monetary penalty on adversarial parties. This functionality is called secure computation with penalties. Bentov and Kumaresan (Crypto 2014) showed that it could be realized with O(n) rounds and O(n) broadcasts for any function, where n is the number of parties. Kumaresan and Bentov (CCS 2014) posed an open question: "Is it possible to design secure computation with penalties that needs only O(1) rounds and O(n) broadcasts?" In this work, we introduce secure computation with non-equivalent penalties, and design a protocol achieving this functionality with O(1) rounds and O(n) broadcasts only. The new functionality is the same as secure computation with penalties except that every honest party receives more than a predetermined amount of compensation while the previous one requires that every honest party receives the same amount of compensation. In particular, both are the same if all parties behave honestly. Thus, our result gives a partial answer to the open problem with a slight and natural modification of functionality.

    An Overview of Fairness Notions in Multi-Party Computation

    Secure multi-party computation (MPC) is a cryptographic technique that allows several mutually distrusting parties to jointly compute a function over their private inputs. Fairness in MPC is defined as the property that if one party receives the output, all honest parties receive it. This work addresses the lack of comprehensive surveys of the various fairness notions in MPC. Complete fairness, often regarded as the ideal, guarantees that either all honest parties receive a result or none do. However, this ideal is in general unattainable because of theoretical and contextual limitations. As a result, alternative notions have emerged to overcome these limitations. This work examines various fairness notions in MPC, including complete fairness, partial fairness, delta-fairness, gradual release, fairness with penalties, and probabilistic fairness. Each notion imposes different requirements and limitations for real-world scenarios. We find that complete fairness requires an honest majority to be achieved for general functions without stronger assumptions, such as access to public ledgers, while certain functions can be computed with complete fairness even without these assumptions. Other notions, such as delta-fairness, require secure hardware components. We give an overview of the notions, their relationships, trade-offs and practical implications. In addition, we summarize the results in a comparative table that offers a compact overview of the protocols satisfying these fairness notions and highlights the trade-offs between security, efficiency and applicability. The work identifies assumptions and limitations associated with the different fairness notions and cites protocols from foundational works in the field. Several impossibility results are also presented, which highlight the inherent challenges of achieving fairness in MPC. The practical implications of these fairness notions are examined, providing insight into their applicability and limits in real-world scenarios.

    Algorithms that Remember: Model Inversion Attacks and Data Protection Law

    Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around 'model inversion' and 'membership inference' attacks, which indicate that the process of turning training data into machine learned systems is not one-way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation. Comment: 15 pages, 1 figure

    Oblivious and Fair Server-Aided Two-Party Computation

    We show efficient, practical (server-aided) secure two-party computation protocols ensuring privacy, correctness and fairness in the presence of malicious (Byzantine) faults. Our requirements from the server are modest: to ensure privacy and correctness, we only assume offline set-up prior to protocol execution; and to also ensure fairness, we further assume a trusted-decryption service, providing a decryption service using a known public key. The fairness-ensuring protocol is optimistic, i.e., the decryption service is invoked only in case of faults. Both assumptions are feasible in practice and formally presented in the hybrid model. The resulting protocols may be sufficiently efficient to allow deployment, in particular for financial applications.

    Improvements to Secure Computation with Penalties

    Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that tolerate an arbitrary number of corruptions. In this work, we improve the efficiency of protocols for secure computation with penalties in a hybrid model where parties have access to the “claim-or-refund” transaction functionality. Our first improvement is for the ladder protocol of Bentov and Kumaresan (Crypto 2014) where we improve the dependence of the script complexity of the protocol (which corresponds to miner verification load and also space on the blockchain) on the number of parties from quadratic to linear (and in particular, is completely independent of the underlying function). Our second improvement is for the see-saw protocol of Kumaresan et al. (CCS 2015) where we reduce the total number of claim-or-refund transactions and also the script complexity from quadratic to linear in the number of parties. We also present a ‘dual-mode’ protocol that offers different guarantees depending on the number of corrupt parties: (1) when s n/2 parties are corrupt, this protocol guarantees fairness with penalties (i.e., if the adversary gets the output, then either the honest parties get output as well or they get compensation via penalizing the adversary). The above protocol works as long as t+s < n, matching the bound obtained for secure computation protocols in the standard model (i.e., replacing “fairness with penalties” with “security-with-abort” (full security except fairness)) by Ishai et al. (SICOMP 2011). Keywords: Bitcoin, secure computation, fairness. National Science Foundation (U.S.) (Grant CNS-1350619); National Science Foundation (U.S.) (Grant CNS1414119); Alfred P. Sloan Foundation (Research Fellowship); Microsoft (Faculty Fellowship)

    Continuity and the Declaration of Independence


    EEOC v. Home Depot USA, Inc.; Thompson v. Home Depot USA, Inc.
