Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation

Multi-party fair exchange (MFE) and fair secure multi-party computation (fair SMPC) are under-studied fields of research, with practical importance. We examine MFE scenarios where every participant has some item, and at the end of the protocol, either every participant receives every other participant’s item, or no participant receives anything. This is a particularly hard scenario, even though it is directly applicable to protocols such as fair SMPC or multi-party contract signing. We further generalize our protocol to work for any exchange topology. We analyse the case where a trusted third party (TTP) is optimistically available, although we emphasize that the trust put on the TTP is only regarding the fairness, and our protocols preserve the privacy of the exchanged items even against a malicious TTP. We construct an asymptotically optimal (for the complete topology) multi-party fair exchange protocol that requires a constant number of rounds, in comparison to linear, and O(n^2) messages, in comparison to cubic, where n is the number of participating parties. We enable the parties to efficiently exchange any item that can be efficiently put into a verifiable escrow (e.g., signatures on a contract). We show how to apply this protocol on top of any SMPC protocol to achieve a fairness guarantee with very little overhead, especially if the SMPC protocol works with arithmetic circuits. Our protocol guarantees fairness in its strongest sense: even if all n−1 other participants are malicious and colluding, fairness will hold

Improved multi-party contract signing

Abstract. A multi-party contract signing protocol allows a set of participants to exchange messages with each other with a view to arriving in a state in which each of them has a pre-agreed contract text signed by all the others. “Optimistic ” such protocols allow parties to sign a contract initially without involving a trusted third party T. If all signers are honest and messages are not arbitrarily delayed, the protocol can conclude successfully without T ’s involvement. Signers can ask T to intervene if something goes amiss, for example, if an expected message is not received. Two multi-party contract signing protocols have been proposed so far. One solution to this problem was proposed by Garay and MacKenzie (DISC’99) based on private contract signatures, but it was subsequently shown to be fundamentally flawed (it fails the fairness property). Another more efficient protocol was proposed by Baum-Waidner and Waidner (ICALP’00). It has not been compromised, but it is based on a nonstandard notion of a signed contract. In this paper, we propose a new optimistic multi-party contract signing protocol based on private contract signatures. It does not use a nonstandard notion of a signed contract and has half the message complexity of the previous solution.

Byzantine agreement protocols with a minimum number of messages in the faultless case

SIGLECopy held by FIZ Karlsruhe; available from UB/TIB Hannover / FIZ - Fachinformationszzentrum Karlsruhe / TIB - Technische InformationsbibliothekDEGerman

and Design Deliverable D10 of ACTS Project AC026 Public Specification

SEMPER is part of the European Commission's ACTS Programme (Advanced Communications Technologies and Services). Funding is provided by the partner organisations, the European Union, and the Swiss Federal Department for Education and Science. The members of the SEMPER consortium are Commerzbank (D)

Basic Services, Architecture and Design

This report is the first publicly available technical deliverable of SEMPER, "Secure Electronic Marketplace for Europe." It describes the main results on the security architecture of the first year (September 1995- August 1996). The main objective of SEMPER is to develop, implement, trial and evaluate an open security architecture for electronic commerce over open networks (e.g., the Internet). This will be done in several steps starting with a trial of basic services after the first year followed by the implementation and evaluation of more advanced trials in the following two years. This report describes the initial version of the SEMPER architecture, the initial design and how it will be implemented. Details on the integration of this implementation in the trials can be found in Deliverable D04 ("Basic Services, Prototype and Internet Trial"), while more information on the trials can be found in Deliverable D05 ("First Year Surveys and Evaluation"). The architecture of SEMPER defines a set of service layers. The lowest layer contains supporting services (archiving, cryptographic functions, communication, user interface). On top of this, a transfer layer provides services for electronic payment and secure transfer of documents. The next layer, the exchange layer, combines transfers into fair exchanges, e.g., contract signing, certified mail. These services are used by the commerce layer to provide more complex business primitives, e.g., "send order" for filling in a pre-defined order template, signing it, and sending it to the business partner. The architecture is open: New service modules can be integrated via generic API's (e.g., new payment systems by adapting them to a generic payment API). New business applications (e.g., an on-line auction) can be supported via ..

Generalizing multi-party contract signing

Multi-party contract signing (MPCS) protocols allow a group of signers to exchange signatures on a predefined contract. Previous approaches considered either completely linear protocols or fully parallel broadcasting protocols. We introduce the new class of DAG MPCS protocols which combines parallel and linear execution and allows for parallelism even within a signer role. This generalization is useful in practical applications where the set of signers has a hierarchical structure, such as chaining of service level agreements and subcontracting. Our novel DAG MPCS protocols are represented by directed acyclic graphs and equipped with a labeled transition system semantics. We define the notion of abort-chaining sequences and prove that a DAG MPCS protocol satisfies fairness if and only if it does not have an abort-chaining sequence. We exhibit several examples of optimistic fair DAG MPCS protocols. The fairness of these protocols follows from our theory and has additionally been verified with our automated tool. We define two complexity measures for DAG MPCS protocols, related to execution time and total number of messages exchanged. We prove lower bounds for fair DAG MPCS protocols in terms of these measures.Comment: Extended version of POST 2015 pape

Unconditional Byzantine Agreement and Multi-Party Computation Secure Against Dishonest Minorities from Scratch

Abstract. It is well-known that n players, connected only by pairwise secure channels, can achieve unconditional broadcast if and only if the number t of cheaters satisfies t < n/3. In this paper, we show that this bound can be improved — at the sole price that the adversary can prevent successful completion of the protocol, but in which case all players will have agreement about this fact. Moreover, a first time slot during which the adversary forgets to cheat can be reliably detected and exploited in order to allow for future broadcasts with t < n/2. This even allows for secure multi-party computation with t < n/2 after the first detection of such a time slot