Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards

Secure multiparty computation (MPC) allows mutually distrusting parties to compute a function on their private inputs such that nothing but the function output is revealed. Achieving fairness (either all parties learn the output or no one does) is a long-studied problem with known impossibility results in the standard model if a majority of parties are dishonest. We present a new model for achieving fairness in MPC against a dishonest majority by using public bulletin boards implemented via existing infrastructure such as blockchains or Google's certificate transparency logs. We present both theoretical and practical constructions using either witness encryption or trusted hardware (such as Intel SGX). Unlike previous works that either penalize an aborting party or achieve weaker notions such as $\Delta$-fairness, we achieve complete fairness using existing infrastructure.
