Improvements to Secure Computation with Penalties

Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that tolerate an arbitrary number of corruptions. In this work, we improve the efficiency of protocols for secure computation with penalties in a hybrid model where parties have access to the "claim-or-refund" transaction functionality. Our first improvement is for the ladder protocol of Bentov and Kumaresan (Crypto 2014) where we improve the dependence of the script complexity of the protocol (which corresponds to miner verification load and also space on the blockchain) on the number of parties from quadratic to linear (and in particular, is completely independent of the underlying function). Our second improvement is for the see-saw protocol of Kumaresan et al. (CCS 2015) where we reduce the total number of claim-or-refund transactions and also the script complexity from quadratic to linear in the number of parties. We also present a 'dual-mode' protocol that offers different guarantees depending on the number of corrupt parties: (1) when s n/2 parties are corrupt, this protocol guarantees fairness with penalties (i.e., if the adversary gets the output, then either the honest parties get output as well or they get compensation via penalizing the adversary). The above protocol works as long as t+s < n, matching the bound obtained for secure computation protocols in the standard model (i.e., replacing "fairness with penalties" with "security-with-abort" (full security except fairness)) by Ishai et al. (SICOMP 2011).

[1]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[2]  Marcin Andrychowicz,et al.  On the Malleability of Bitcoin Transactions , 2015, Financial Cryptography Workshops.

[3]  Benny Pinkas,et al.  Fair Secure Two-Party Computation , 2003, EUROCRYPT.

[4]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[5]  Marcin Andrychowicz,et al.  Fair Two-Party Computations via Bitcoin Deposits , 2014, Financial Cryptography Workshops.

[6]  Elaine Shi,et al.  Bitter to Better - How to Make Bitcoin a Better Currency , 2012, Financial Cryptography.

[7]  Iddo Bentov,et al.  How to Use Bitcoin to Incentivize Correct Computations , 2014, CCS.

[8]  Alptekin Küpçü,et al.  Usable optimistic fair exchange , 2010, Comput. Networks.

[9]  Jonathan Katz,et al.  Adaptively secure broadcast, revisited , 2011, PODC '11.

[10]  Alptekin Küpçü,et al.  Making p2p accountable without losing privacy , 2007, WPES '07.

[11]  Iddo Bentov,et al.  How to Use Bitcoin to Design Fair Protocols , 2014, CRYPTO.

[12]  Jonathan Katz On achieving the "best of both worlds" in secure multiparty computation , 2007, STOC '07.

[13]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[14]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[15]  Ran Canetti,et al.  Practical UC security with a Global Random Oracle , 2014, CCS.

[16]  Andrew Y. Lindell Legally-Enforceable Fairness in Secure Two-Party Computation , 2008, CT-RSA.

[17]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[18]  Iddo Bentov,et al.  How to Use Bitcoin to Play Decentralized Poker , 2015, CCS.

[19]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[20]  Rafail Ostrovsky,et al.  On Complete Primitives for Fairness , 2010, TCC.

[21]  Aggelos Kiayias,et al.  Fair and Robust Multi-party Computation Using a Global Transaction Ledger , 2016, EUROCRYPT.

[22]  Iddo Bentov,et al.  Note on fair coin toss via Bitcoin , 2014, ArXiv.

[23]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[24]  Jason Teutsch,et al.  Demystifying Incentives in the Consensus Computer , 2015, CCS.

[25]  N. Asokan,et al.  Optimistic protocols for fair exchange , 1997, CCS '97.

[26]  Jonathan Katz,et al.  Partial Fairness in Secure Two-Party Computation , 2010, Journal of Cryptology.

[27]  Jesper Buus Nielsen,et al.  Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case , 2002, CRYPTO.