Legally-Enforceable Fairness in Secure Two-Party Computation

In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their private inputs. The computation should be carried out in a secure way, meaning that the properties privacy, correctness, independence of inputs, fairness and guaranteed output delivery should all be preserved. Unfortunately, in the case of no honest majority - and specifically in the important two-party case - it is impossible to achieve fairness and guaranteed output delivery. In this paper, we show how a legal infrastructure that respects digital signatures can be used to enforce fairness in two-party computation. Our protocol has the property that if one party obtains output while the other does not (meaning that fairness is breached), then the party not obtaining output has a digitally signed cheque from the other party. Thus, fairness can be "enforced" in the sense that any breach results in a loss of money by the adversarial party.
