How Fair is Your Protocol?: A Utility-based Approach to Protocol Optimality

Security of distributed cryptographic protocols usually requires privacy (inputs of the honest parties remain hidden), correctness (the adversary cannot improperly affect the outcome), and fairness (if the adversary learns the output, all honest parties do also). Cleve's seminal result (STOC '86) implies that satisfying these properties simultaneously is impossible in the presence of dishonest majorities, and led to several proposals for relaxed notions of fairness. While these works also suggest completeness results (i.e., the ability to design protocols which achieve their fairness notion), their assessment is typically of an all-or-nothing nature. In this work we put forth a new approach for defining relaxed fairness guarantees that allows for a quantitative comparison between protocols with regard to the level of fairness they achieve. The basic idea is to use an appropriate utility function to express the preferences of an adversary who wants to violate fairness. We also show optimal protocols with respect to our notion, in both the two-party and multi-party settings.

[1]  Moni Naor,et al.  Timed Commitments , 2000, CRYPTO.

[2]  Donald Beaver,et al.  Multiparty Computation with Faulty Majority , 1989, CRYPTO.

[3]  David Zuckerman,et al.  Random Selection with an Adversarial Majority , 2006, CRYPTO.

[4]  Ueli Maurer,et al.  Rational Protocol Design: Cryptography against Incentive-Driven Adversaries , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[5]  Eran Omri,et al.  1/p-Secure Multiparty Computation without Honest Majority and the Best of Both Worlds , 2011, CRYPTO.

[6]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[7]  Manoj Prabhakaran,et al.  Resource Fairness and Composability of Cryptographic Protocols , 2006, Journal of Cryptology.

[8]  Jonathan Katz,et al.  Fair Computation with Rational Players , 2012, EUROCRYPT.

[9]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[10]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[11]  Aggelos Kiayias,et al.  Resource-based corruptions and the combinatorics of hidden diversity , 2013, ITCS '13.

[12]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[13]  Benny Pinkas,et al.  Fair Secure Two-Party Computation , 2003, EUROCRYPT.

[14]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[15]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[16]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[17]  Moni Naor,et al.  Adaptively secure multi-party computation , 1996, STOC '96.

[18]  Ivan Damgård Practical and Provably Secure Release of a Secret and Exchange of Signatures , 1993, EUROCRYPT.

[19]  Ran Canetti,et al.  Toward a Game Theoretic View of Secure Computation , 2011, Journal of Cryptology.

[20]  Jonathan Katz,et al.  Partial Fairness in Secure Two-Party Computation , 2010, Journal of Cryptology.

[21]  Manuel Blum,et al.  How to exchange (secret) keys , 1983, TOCS.

[22]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.