Fairness with an Honest Minority and a Rational Majority

We provide a simple protocol for secret reconstruction in any threshold secret sharing scheme, and prove that it is fair when executed with many rational parties together with a small minority of honest parties. That is, all parties will learn the secret with high probability when the honest parties follow the protocol and the rational parties act in their own self-interest (as captured by a set-Nash analogue of trembling hand perfect equilibrium). The protocol only requires a standard (synchronous) broadcast channel, tolerates both early stopping and incorrectly computed messages, and only requires 2 rounds of communication. Previous protocols for this problem in the cryptographic or economic models have either required an honest majority, used strong communication channels that enable simultaneous exchange of information, or settled for approximate notions of security/equilibria. They all also required a nonconstant number of rounds of communication.
