12,282 research outputs found
Partial Fairness in Secure Two-Party Computation
A seminal result of Cleve (STOC \u2786) is that, in general, complete fairness is impossible to achieve in two-party computation. In light of this, various techniques for obtaining partial fairness have been suggested in the literature. We propose a definition of partial fairness within the standard real-/ideal-world paradigm that addresses deficiencies of prior definitions. We also show broad feasibility results with respect to our definition: partial fairness is possible for any (randomized) functionality at least one of whose domains or ranges is polynomial in size. Our protocols are always private, and when one of the domains has polynomial size our protocols also simultaneously achieve the usual notion of security with abort. In contrast to some prior work, we rely on standard assumptions only.
We also show that, as far as general feasibility is concerned, our results are optimal. Specifically, there exist functions with super-polynomial domains and ranges for which it is impossible to achieve our definition
General Partially Fair Multi-Party Computation with VDFs
Gordon and Katz, in Partial Fairness in Secure Two-Party Computation , present a protocol for two-party computation with partial fairness
which depends on presumptions on the size of the input or output of the functionality. They also
show that for some other functionalities, this notion of partial fairness is impossible to achieve.
In this work, we get around this impossibility result using verifiable delay functions, a primitive
which brings in an assumption on the inability of an adversary to compute a certain function in a
specified time. We present a gadget using VDFs which allows for any MPC to be carried out with
≈ 1/R partial fairness, where R is the number of communication rounds
Efficiently Making Secure Two-Party Computation Fair
Secure two-party computation cannot be fair against malicious adversaries, unless a trusted third party (TTP) or a gradual-release type super-constant round protocol is employed. Existing optimistic fair two-party computation protocols with constant rounds are either too costly to arbitrate (e.g., the TTP may need to re-do almost the whole computation), or require the use of electronic payments. Furthermore, most of the existing solutions were proven secure and fair via a partial simulation, which, we show, may lead to insecurity overall. We propose a new framework for fair and secure two-party computation that can be applied on top of any secure two party computation protocol based on Yao's garbled circuits and zero-knowledge proofs. We show that our fairness overhead is minimal, compared to all known existing work. Furthermore, our protocol is fair even in terms of the work performed by Alice and Bob. We also prove our protocol is fair and secure simultaneously, through one simulator, which guarantees that our fairness extensions do not leak any private information. Lastly, we ensure that the TTP never learns the inputs or outputs of the computation. Therefore, even if the TTP becomes malicious and causes unfairness by colluding with one party, the security of the underlying protocol is still preserved
Secure Multiparty Computation with Partial Fairness
A protocol for computing a functionality is secure if an adversary in this
protocol cannot cause more harm than in an ideal computation where parties give
their inputs to a trusted party which returns the output of the functionality
to all parties. In particular, in the ideal model such computation is fair --
all parties get the output. Cleve (STOC 1986) proved that, in general, fairness
is not possible without an honest majority. To overcome this impossibility,
Gordon and Katz (Eurocrypt 2010) suggested a relaxed definition -- 1/p-secure
computation -- which guarantees partial fairness. For two parties, they
construct 1/p-secure protocols for functionalities for which the size of either
their domain or their range is polynomial (in the security parameter). Gordon
and Katz ask whether their results can be extended to multiparty protocols.
We study 1/p-secure protocols in the multiparty setting for general
functionalities. Our main result is constructions of 1/p-secure protocols when
the number of parties is constant provided that less than 2/3 of the parties
are corrupt. Our protocols require that either (1) the functionality is
deterministic and the size of the domain is polynomial (in the security
parameter), or (2) the functionality can be randomized and the size of the
range is polynomial. If the size of the domain is constant and the
functionality is deterministic, then our protocol is efficient even when the
number of parties is O(log log n) (where n is the security parameter). On the
negative side, we show that when the number of parties is super-constant,
1/p-secure protocols are not possible when the size of the domain is
polynomial
How to Incentivize Data-Driven Collaboration Among Competing Parties
The availability of vast amounts of data is changing how we can make medical
discoveries, predict global market trends, save energy, and develop educational
strategies. In some settings such as Genome Wide Association Studies or deep
learning, sheer size of data seems critical. When data is held distributedly by
many parties, they must share it to reap its full benefits.
One obstacle to this revolution is the lack of willingness of different
parties to share data, due to reasons such as loss of privacy or competitive
edge. Cryptographic works address privacy aspects, but shed no light on
individual parties' losses/gains when access to data carries tangible rewards.
Even if it is clear that better overall conclusions can be drawn from
collaboration, are individual collaborators better off by collaborating?
Addressing this question is the topic of this paper.
* We formalize a model of n-party collaboration for computing functions over
private inputs in which participants receive their outputs in sequence, and the
order depends on their private inputs. Each output "improves" on preceding
outputs according to a score function.
* We say a mechanism for collaboration achieves collaborative equilibrium if
it ensures higher reward for all participants when collaborating (rather than
working alone). We show that in general, computing a collaborative equilibrium
is NP-complete, yet we design efficient algorithms to compute it in a range of
natural model settings.
Our collaboration mechanisms are in the standard model, and thus require a
central trusted party; however, we show this assumption is unnecessary under
standard cryptographic assumptions. We show how to implement the mechanisms in
a decentralized way with new extensions of secure multiparty computation that
impose order/timing constraints on output delivery to different players, as
well as privacy and correctness
Instantaneous Decentralized Poker
We present efficient protocols for amortized secure multiparty computation
with penalties and secure cash distribution, of which poker is a prime example.
Our protocols have an initial phase where the parties interact with a
cryptocurrency network, that then enables them to interact only among
themselves over the course of playing many poker games in which money changes
hands.
The high efficiency of our protocols is achieved by harnessing the power of
stateful contracts. Compared to the limited expressive power of Bitcoin
scripts, stateful contracts enable richer forms of interaction between standard
secure computation and a cryptocurrency.
We formalize the stateful contract model and the security notions that our
protocols accomplish, and provide proofs using the simulation paradigm.
Moreover, we provide a reference implementation in Ethereum/Solidity for the
stateful contracts that our protocols are based on.
We also adopt our off-chain cash distribution protocols to the special case
of stateful duplex micropayment channels, which are of independent interest. In
comparison to Bitcoin based payment channels, our duplex channel implementation
is more efficient and has additional features
- …