Secure Two-Party Computation with Fairness - A Necessary Design Principle

Protocols for secure two-party computation enable a pair of mutually distrustful parties to carry out a joint computation of their private inputs without revealing anything but the output. One important security property that has been considered is that of fairness which guarantees that if one party learns the output then so does the other. In the case of two-party computation, fairness is not always possible, and in particular two parties cannot fairly toss a coin (Cleve, 1986). Despite this, it is actually possible to securely compute many two-party functions with fairness (Gordon et al., 2008 and follow-up work). However, all known two-party protocols that achieve fairness have the unique property that the effective input of the corrupted party is determined at an arbitrary point in the protocol. This is in stark contrast to almost all other known protocols that have an explicit fixed round at which the inputs are committed.

[1]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[2]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[3]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[4]  Yehuda Lindell,et al.  Complete Fairness in Secure Two-Party Computation , 2011, JACM.

[5]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[6]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[7]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 1, Basic Tools , 2001 .

[8]  Yehuda Lindell,et al.  A Full Characterization of Functions that Imply Fair Coin Tossing and Ramifications to Fairness , 2013, TCC.

[9]  Gilad Asharov,et al.  Towards Characterizing Complete Fairness in Secure Two-Party Computation , 2014, IACR Cryptol. ePrint Arch..

[10]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[11]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[12]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation Without Set-Up Assumptions , 2003, Journal of Cryptology.

[13]  Eran Omri,et al.  Complete Characterization of Fairness in Secure Two-Party Computation of Boolean Functions , 2015, TCC.

[14]  Leonid A. Levin,et al.  Fair Computation of General Functions in Presence of Immoral Majority , 1990, CRYPTO.

[15]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[16]  Silvio Micali,et al.  Simple and fast optimistic protocols for fair electronic exchange , 2003, PODC '03.

[17]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[18]  Silvio Micali,et al.  Parallel Reducibility for Information-Theoretically Secure Computation , 2000, CRYPTO.

[19]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation without Set-up Assumptions , 2003, EUROCRYPT.

[20]  N. Asokan,et al.  Optimistic protocols for fair exchange , 1997, CCS '97.

[21]  Joe Kilian Secure Computation , 2011, Encyclopedia of Cryptography and Security.

[22]  Donald Beaver,et al.  Foundations of Secure Interactive Computing , 1991, CRYPTO.

[23]  Donald Beaver,et al.  Multiparty Computation with Faulty Majority , 1989, CRYPTO.

[24]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[25]  Benny Pinkas,et al.  Secure Computation of the k th-Ranked Element , 2004, EUROCRYPT.

[26]  Jonathan Katz,et al.  Complete Fairness in Multi-Party Computation Without an Honest Majority , 2009, IACR Cryptol. ePrint Arch..

[27]  Benny Pinkas,et al.  Secure computation of the kth-ranked element , 2004 .

[28]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.