On Complete Primitives for Fairness

For secure two-party and multi-party computation with abort, classification of which primitives are complete has been extensively studied in the literature. However, for fair secure computation, where (roughly speaking) either all parties learn the output or none do, the question of complete primitives has remained largely unstudied. In this work, we initiate a rigorous study of completeness for primitives that allow fair computation. We show the following results:

No "short" primitive is complete for fairness. In surprising contrast to other notions of security for secure two-party computation, we show that for fair secure computation, no primitive of size O(log k) is complete, where k is a security parameter. This is the case even if we can enforce parallelism in calls to the primitives (i.e., the adversary does not get output from any primitive in a parallel call until it sends input to all of them). This negative result holds regardless of any computational assumptions.

A fairness hierarchy. We clarify the fairness landscape further by exhibiting the existence of a "fairness hierarchy". We show that for every "short" l = O(log k), no protocol making (serial) access to any l-bit primitive can be used to construct even an (l+1)-bit simultaneous broadcast.

Positive results. To complement the negative results, we exhibit a k-bit primitive that is complete for two-party fair secure computation. We show how to generalize this result to the multi-party setting.

Fairness combiners. We also introduce the question of constructing a protocol for fair secure computation from primitives that may be faulty. We show that this is possible when a majority of the instances are honest. On the flip side, we show that this result is tight: no functionality is complete for fairness if half (or more) of the instances can be malicious.
