Fairness with an Honest Minority and a

We provide a simple protocol for secret reconstruction in any threshold secret sharing scheme, and prove that it is fair when executed with many rational parties together with a small minority of honest parties. That is, all parties will learn the secret with high probability when the honest parties follow the protocol and the rational parties act in their own self-interest (as captured by a set-Nash analogue of trembling hand perfect equilibrium). The protocol only requires a standard (synchronous) broadcast channel, tolerates both early stopping and incorrectly computed messages, and only requires 2 rounds of communication. Previous protocols for this problem in the cryptographic or economic models have either required an honest majority, used strong communication channels that enable simultaneous exchange of information, or settled for approximate notions of security/equilibria. They all also required a nonconstant number of rounds of communication.

[1]  R. Selten Reexamination of the perfectness concept for equilibrium points in extensive games , 1975, Classics in Game Theory.

[2]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[3]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[4]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[5]  David M. Kreps,et al.  Sequential Equilibria Author ( s ) : , 1982 .

[6]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[7]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[8]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[9]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[10]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[11]  J. Weibull,et al.  Strategy subsets closed under rational behavior , 1991 .

[12]  Drew Fudenberg,et al.  Game theory (3. pr.) , 1991 .

[13]  Ariel Rubinstein,et al.  A Course in Game Theory , 1995 .

[14]  Yoav Shoham,et al.  Truth revelation in approximately efficient combinatorial auctions , 2002, EC '99.

[15]  Moni Naor,et al.  Timed Commitments , 2000, CRYPTO.

[16]  Noam Nisan,et al.  Algorithmic Mechanism Design , 2001, Games Econ. Behav..

[17]  Joan Feigenbaum,et al.  Sharing the Cost of Multicast Transmissions , 2001, J. Comput. Syst. Sci..

[18]  Markus Jakobsson,et al.  Timed Release of Standard Digital Signatures , 2002, Financial Cryptography.

[19]  Joan Feigenbaum,et al.  A BGP-based mechanism for lowest-cost routing , 2002, PODC '02.

[20]  Joan Feigenbaum,et al.  Distributed algorithmic mechanism design: recent results and future directions , 2002, DIALM '02.

[21]  Yoav Shoham,et al.  Towards a general theory of non-cooperative computation , 2003, TARK '03.

[22]  Benny Pinkas,et al.  Fair Secure Two-Party Computation , 2003, EUROCRYPT.

[23]  Abhi Shelat,et al.  Completely fair SFE and coalition-safe cheap talk , 2004, PODC '04.

[24]  E. Kalai Large Robust Games , 2004 .

[25]  Joseph Y. Halpern,et al.  Rational secret sharing and multiparty computation: extended abstract , 2004, STOC '04.

[26]  D.C. Parkes,et al.  Distributed implementations of Vickrey-Clarke-Groves mechanisms , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[27]  David C. Parkes,et al.  Specification faithfulness in networks with rational nodes , 2004, PODC '04.

[28]  Moshe Babaioff,et al.  Mechanism Design for Single-Value Domains , 2005, AAAI.

[29]  Noam Nisan,et al.  Online ascending auctions for gradually expiring items , 2005, SODA '05.

[30]  Sergei Izmalkov,et al.  Rational secure computation and ideal mechanism design , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[31]  Moshe Tennenholtz,et al.  Non-cooperative computation: Boolean functions with correctness and exclusivity , 2005, Theor. Comput. Sci..

[32]  Abhi Shelat,et al.  Collusion-free protocols , 2005, STOC '05.

[33]  Michael Dahlin,et al.  BAR fault tolerance for cooperative services , 2005, SOSP '05.

[34]  Tuomas Sandholm,et al.  Algorithms for Rationalizability and CURB Sets , 2006, AAAI.

[35]  Danny Dolev,et al.  Distributed computing meets game theory: robust mechanisms for rational secret sharing and multiparty computation , 2006, PODC '06.

[36]  Jonathan Katz,et al.  Rational Secret Sharing, Revisited , 2006, SCN.

[37]  Anna Lysyanskaya,et al.  Rationality and Adversarial Behavior in Multi-party Computation , 2006, CRYPTO.

[38]  Moni Naor,et al.  Games for exchanging information , 2008, STOC.

[39]  Boi Faltings,et al.  M-DPOP: Faithful Distributed Implementations of Efficient Social Choice Problems , 2008 .

[40]  David C. Parkes,et al.  Fairness with an Honest Minority and a Rational Majority , 2009, TCC.