712 research outputs found
Computational Extensive-Form Games
We define solution concepts appropriate for computationally bounded players
playing a fixed finite game. To do so, we need to define what it means for a
\emph{computational game}, which is a sequence of games that get larger in some
appropriate sense, to represent a single finite underlying extensive-form game.
Roughly speaking, we require all the games in the sequence to have essentially
the same structure as the underlying game, except that two histories that are
indistinguishable (i.e., in the same information set) in the underlying game
may correspond to histories that are only computationally indistinguishable in
the computational game. We define a computational version of both Nash
equilibrium and sequential equilibrium for computational games, and show that
every Nash (resp., sequential) equilibrium in the underlying game corresponds
to a computational Nash (resp., sequential) equilibrium in the computational
game. One advantage of our approach is that if a cryptographic protocol
represents an abstract game, then we can analyze its strategic behavior in the
abstract game, and thus separate the cryptographic analysis of the protocol
from the strategic analysis
A Rational Approach to Cryptographic Protocols
This work initiates an analysis of several cryptographic protocols from a
rational point of view using a game-theoretical approach, which allows us to
represent not only the protocols but also possible misbehaviours of parties.
Concretely, several concepts of two-person games and of two-party cryptographic
protocols are here combined in order to model the latters as the formers. One
of the main advantages of analysing a cryptographic protocol in the game-theory
setting is the possibility of describing improved and stronger cryptographic
solutions because possible adversarial behaviours may be taken into account
directly. With those tools, protocols can be studied in a malicious model in
order to find equilibrium conditions that make possible to protect honest
parties against all possible strategies of adversaries
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing
Cloud computing has become an irreversible trend. Together comes the pressing
need for verifiability, to assure the client the correctness of computation
outsourced to the cloud. Existing verifiable computation techniques all have a
high overhead, thus if being deployed in the clouds, would render cloud
computing more expensive than the on-premises counterpart. To achieve
verifiability at a reasonable cost, we leverage game theory and propose a smart
contract based solution. In a nutshell, a client lets two clouds compute the
same task, and uses smart contracts to stimulate tension, betrayal and distrust
between the clouds, so that rational clouds will not collude and cheat. In the
absence of collusion, verification of correctness can be done easily by
crosschecking the results from the two clouds. We provide a formal analysis of
the games induced by the contracts, and prove that the contracts will be
effective under certain reasonable assumptions. By resorting to game theory and
smart contracts, we are able to avoid heavy cryptographic protocols. The client
only needs to pay two clouds to compute in the clear, and a small transaction
fee to use the smart contracts. We also conducted a feasibility study that
involves implementing the contracts in Solidity and running them on the
official Ethereum network.Comment: Published in ACM CCS 2017, this is the full version with all
appendice
Communication in Bayesian games: Overview of work on implementing mediators in game theory.
game theory; Bayesian games;
Rationality and Efficient Verifiable Computation
In this thesis, we study protocols for delegating computation in a model where one of the parties is rational. In our model, a delegator outsources the computation of a function f on input x to a worker, who receives a (possibly monetary) reward. Our goal is to design very efficient delegation schemes where a worker is economically incentivized to provide the correct result f(x). In this work we strive for not relying on cryptographic assumptions, in particular our results do not require the existence of one-way functions.
We provide several results within the framework of rational proofs introduced by Azar and Micali (STOC 2012).We make several contributions to efficient rational proofs for general feasible computations.
First, we design schemes with a sublinear verifier with low round and communication complexity for space-bounded computations. Second, we provide evidence, as lower bounds, against the existence of rational proofs: with logarithmic communication and polylogarithmic verification for P and with polylogarithmic communication for NP.
We then move to study the case where a delegator outsources multiple inputs. First, we formalize an extended notion of rational proofs for this scenario (sequential composability) and we show that existing schemes do not satisfy it. We show how these protocols incentivize workers to provide many ``fast\u27\u27 incorrect answers which allow them to solve more problems and collect more rewards. We then design a d-rounds rational proof for sufficiently ``regular\u27\u27 arithmetic circuit of depth d = O(log(n)) with sublinear verification. We show, that under certain cost assumptions, our scheme is sequentially composable, i.e. it can be used to delegate multiple inputs. We finally show that our scheme for space-bounded computations is also sequentially composable under certain cost assumptions.
In the last part of this thesis we initiate the study of Fine Grained Secure Computation: i.e. the construction of secure computation primitives against ``moderately complex adversaries. Such fine-grained protocols can be used to obtain sequentially composable rational proofs. We present definitions and constructions for compact Fully Homomorphic Encryption and Verifiable Computation secure against (non-uniform) NC1 adversaries. Our results hold under a widely believed separation assumption implied by L ≠NC1 . We also present two application scenarios for our model: (i) hardware chips that prove their own correctness, and (ii) protocols against rational adversaries potentially relevant to the Verifier\u27s Dilemma in smart-contracts transactions such as Ethereum
FairLedger: A Fair Blockchain Protocol for Financial Institutions
Financial institutions are currently looking into technologies for
permissioned blockchains. A major effort in this direction is Hyperledger, an
open source project hosted by the Linux Foundation and backed by a consortium
of over a hundred companies. A key component in permissioned blockchain
protocols is a byzantine fault tolerant (BFT) consensus engine that orders
transactions. However, currently available BFT solutions in Hyperledger (as
well as in the literature at large) are inadequate for financial settings; they
are not designed to ensure fairness or to tolerate selfish behavior that arises
when financial institutions strive to maximize their own profit.
We present FairLedger, a permissioned blockchain BFT protocol, which is fair,
designed to deal with rational behavior, and, no less important, easy to
understand and implement. The secret sauce of our protocol is a new
communication abstraction, called detectable all-to-all (DA2A), which allows us
to detect participants (byzantine or rational) that deviate from the protocol,
and punish them. We implement FairLedger in the Hyperledger open source
project, using Iroha framework, one of the biggest projects therein. To
evaluate FairLegder's performance, we also implement it in the PBFT framework
and compare the two protocols. Our results show that in failure-free scenarios
FairLedger achieves better throughput than both Iroha's implementation and PBFT
in wide-area settings
- …