
    Rational Secret Sharing without Broadcast

    We consider the concept of rational secret sharing, which was initially introduced by Halpern and Teague \cite{ht04}, where players' preferences are that they prefer to learn the secret rather than not, and moreover they prefer that as few others learn the secret as possible. This paper is an attempt to introduce a rational secret sharing scheme which differs from previous RSS schemes in that it does not rely on broadcast to send messages but instead uses point-to-point transmissions. Moreover, the protocol does not rely on any cryptographic primitives and is coalition resilient except when the short player colludes with a long player.

    Rational Secret Sharing with Honest Players over an Asynchronous Channel

    We consider the problem of rational secret sharing introduced by Halpern and Teague \cite{HT04}, where the players involved in secret sharing play only if it is to their advantage. This can be characterized in the form of preferences. Players would prefer to get the secret rather than not get it, and secondly, with lesser preference, they would like as few other players as possible to get the secret. Several positive results have already been published to efficiently solve the problem of rational secret sharing. However, only a handful of papers have touched upon the use of an asynchronous broadcast channel, and in those papers, either the protocol involved cryptographic primitives \cite{FKN10} or else the protocol required the dealer to be interactively involved \cite{MSR08a}. \cite{OPRV09} did handle such a case through the use of an honest minority of players, but in their paper they placed a restriction on the number of honest players that could take part in relation to the total number of players active in the protocol. In our paper, we propose an $m$-out-of-$n$ rational secret sharing scheme which can function over an asynchronous broadcast channel without the use of cryptographic primitives and with a non-interactive dealer. This is possible because our scheme uses a small number, $k+1$, of honest players. The protocol is resilient to coalitions of size up to $k$, and furthermore it is $\varepsilon$-resilient to coalitions of size up to $m-1$. The protocol has a strict Nash equilibrium with probability $Pr(\frac{k+1}{n})$ and an $\varepsilon$-Nash equilibrium with probability $Pr(\frac{n-k-1}{n})$. Furthermore, our protocol is immune to backward induction. Later in the paper, we extend our results to include malicious players as well. We also show that our protocol handles the possibility of a player deviating in order to force another player to get a wrong value. This type of deviation was discussed and handled by Asharov and Lindell \cite{AL09} by increasing the number of rounds. However, our protocol handles this in what we believe to be a more time-efficient manner.

    Building Regular Registers with Rational Malicious Servers and Anonymous Clients

    The paper addresses the problem of emulating a regular register in a synchronous distributed system where clients invoking $\mathsf{read}()$ and $\mathsf{write}()$ operations are anonymous, while the server processes maintaining the state of the register may be compromised by rational adversaries (i.e., a server might behave as a rational malicious Byzantine process). We first model our problem as a Bayesian game between a client and a rational malicious server, where the equilibrium depends on the decisions of the malicious server (behave correctly and not be detected by clients, versus return a wrong register value to clients at the risk of being detected and then excluded from the computation). We prove that such an equilibrium exists, and finally we design a protocol implementing the regular register that forces the rational malicious server to behave correctly.

    Lower Bounds on Implementing Robust and Resilient Mediators

    We consider games that have $(k,t)$-robust equilibria when played with a mediator, where an equilibrium is $(k,t)$-robust if it tolerates deviations by coalitions of size up to $k$ and deviations by up to $t$ players with unknown utilities. We prove lower bounds that match upper bounds on the ability to implement such mediators using cheap talk (that is, just allowing communication among the players). The bounds depend on (a) the relationship between $k$, $t$, and $n$, the total number of players in the system; (b) whether players know the exact utilities of other players; (c) whether there are broadcast channels or just point-to-point channels; (d) whether cryptography is available; and (e) whether the game has a $(k+t)$-punishment strategy; that is, a strategy that, if used by all but at most $k+t$ players, guarantees that every player gets a worse outcome than they do with the equilibrium strategy.

    ARPA Whitepaper

    We propose a secure computation solution for blockchain networks. The correctness of computation is verifiable even under a malicious-majority condition using an information-theoretic Message Authentication Code (MAC), and privacy is preserved using secret sharing. With a state-of-the-art multiparty computation protocol and a layer-2 solution, our privacy-preserving computation guarantees data security on the blockchain, cryptographically, while reducing the heavy-lifting computation job to a few nodes. This breakthrough has several implications for the future of decentralized networks. First, secure computation can be used to support Private Smart Contracts, where consensus is reached without exposing the information in the public contract. Second, it enables data to be shared and used in a trustless network without disclosing the raw data while it is in use, so that data ownership and data usage are safely separated. Last but not least, the computation and verification processes are separated, which can be perceived as computational sharding; this effectively makes the transaction processing speed linear in the number of participating nodes. Our objective is to deploy our secure computation network as a layer-2 solution for any blockchain system. Smart contracts \cite{smartcontract} will be used as a bridge to link the blockchain and computation networks. Additionally, they will be used as a verifier to ensure that outsourced computation is completed correctly. In order to achieve this, we first develop a general MPC network with advanced features, such as: 1) secure computation, 2) off-chain computation, 3) verifiable computation, and 4) support for dApps' needs such as privacy-preserving data exchange.

    An efficient and secure RSA-like cryptosystem exploiting Rédei rational functions over conics

    We define an isomorphism between the group of points of a conic and the set of integers modulo a prime equipped with a non-standard product. This product can be efficiently evaluated through the use of Rédei rational functions. We then exploit the isomorphism to construct a novel RSA-like scheme. We compare our scheme with classic RSA and with RSA-like schemes based on the cubic or conic equation. The decryption operation of the proposed scheme turns out to be two times faster than RSA, and involves the lowest number of modular inversions compared with other RSA-like schemes based on curves. Our solution offers the same security as RSA in one-to-one communication and more security in broadcast applications.
    Comment: 18 pages, 1 figure

    KALwEN: A New Practical and Interoperable Key Management Scheme for Body Sensor Networks

    Key management is the pillar of a security architecture. Body sensor networks (BSNs) pose several challenges -- some inherited from wireless sensor networks (WSNs), some unique to themselves -- that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new lightweight scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge from the user, and instead only requires the user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which, as expected, do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports global broadcast, local broadcast and neighbor-to-neighbor unicast, while preserving past key secrecy and future key secrecy. The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case.