Rational Threshold Cryptosystems

We propose a framework for threshold cryptosystems under a permissionless-economic model in which the participants are rational, profit-maximizing entities. To date, threshold cryptosystems have been considered under permissioned settings with a limited adversary. Our framework relies on an escrow service that slashes and redistributes deposits to incentivize participants to adhere to the desired behaviors. Today, more than ever, sophisticated escrow services can be implemented over public blockchains like Ethereum, without additional trust assumptions. The key threat to rational threshold cryptosystems is collusion---by cooperating 'illegally', a subset of participants can reveal the cryptosystem's secret, which, in turn, translates into unfair profit. Our countermeasure to collusion is framing. If the escrow is notified of collusion, it rewards the framer and slashes the deposits of all other participants. We show that colluding parties find themselves in the prisoner's dilemma, where the dominant strategy is framing.
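As an added illustration (not code from the paper), the following models two colluders facing the escrow's slash-and-reward rule and checks that framing is a strictly dominant strategy and that the payoff ordering is a prisoner's dilemma. The even split of the illicit gain, the first-report-wins rule with a uniformly random tie-break, and the concrete numbers are assumptions of this example, not the paper's exact model.

```python
from fractions import Fraction
from itertools import product

SILENT, FRAME = "silent", "frame"


def payoff(me, other, gain, deposit, reward):
    """Expected payoff of one colluder choosing `me` while the other chooses `other`.

    Assumed (simplified) escrow rule: the illicit gain is split evenly between the
    two colluders; the first framer keeps its deposit and receives `reward`, while
    every other participant is slashed `deposit`; if both frame, the escrow accepts
    one report chosen uniformly at random.
    """
    share = Fraction(gain, 2)
    if me == SILENT and other == SILENT:
        return share                      # collusion goes unreported
    if me == FRAME and other == SILENT:
        return share + reward             # I frame first, keep deposit, get reward
    if me == SILENT and other == FRAME:
        return share - deposit            # the other frames me; I am slashed
    # both frame: 50% I am rewarded, 50% I am slashed
    return share + Fraction(reward - deposit, 2)


def payoff_matrix(gain, deposit, reward):
    """Full 2x2 matrix keyed by (my action, other's action)."""
    return {(a, b): payoff(a, b, gain, deposit, reward)
            for a, b in product((SILENT, FRAME), repeat=2)}


def framing_is_strictly_dominant(gain, deposit, reward):
    """Framing beats staying silent whatever the other colluder does."""
    m = payoff_matrix(gain, deposit, reward)
    return all(m[(FRAME, o)] > m[(SILENT, o)] for o in (SILENT, FRAME))


def is_prisoners_dilemma(gain, deposit, reward):
    """Classic ordering: temptation > mutual silence > mutual framing > being framed."""
    m = payoff_matrix(gain, deposit, reward)
    t, r, p, s = (m[(FRAME, SILENT)], m[(SILENT, SILENT)],
                  m[(FRAME, FRAME)], m[(SILENT, FRAME)])
    return t > r > p > s


if __name__ == "__main__":
    # Constructed sample: illicit gain 100, deposit 50, framer reward 25 (paid from slashed funds)
    for (a, b), v in payoff_matrix(100, 50, 25).items():
        print(f"me={a:6s} other={b:6s} -> {v}")
    print("framing dominant:", framing_is_strictly_dominant(100, 50, 25))
    print("prisoner's dilemma:", is_prisoners_dilemma(100, 50, 25))
```

The dilemma only holds while the reward is smaller than the slashed deposit: with a reward of zero framing is merely weakly dominant, and with a reward exceeding the deposit mutual framing becomes more profitable than mutual silence.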
