Fair Two-Party Computations via Bitcoin Deposits

  • Conference paper
Financial Cryptography and Data Security (FC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8438)

Abstract

We show how the Bitcoin currency system (with a small modification) can be used to obtain fairness in any two-party secure computation protocol in the following sense: if one party aborts the protocol after learning the output, then the other party gets financial compensation (in bitcoins). One possible application of such protocols is fair contract signing: each party is forced to complete the protocol, or to pay a fine to the other one.

We also show how to link the output of this protocol to the Bitcoin currency. More precisely: we show a method to design secure two-party protocols for functionalities that result in a “forced” financial transfer from one party to the other.

Our protocols build upon the ideas of our recent paper “Secure Multiparty Computations on Bitcoin” (Cryptology ePrint Archive, Report 2013/784). Compared to that paper, our results are more general, since our protocols allow computing any function, while in the previous paper we concentrated only on some specific tasks (commitment schemes and lotteries). On the other hand, as opposed to “Secure Multiparty Computations on Bitcoin”, to obtain security we need to modify the Bitcoin specification so that the transactions are “non-malleable” (we discuss this concept in more detail in the paper).

This work was supported by the WELCOME/2010-4/2 grant funded within the framework of the EU Innovative Economy (National Cohesion Strategy) Operational Programme.

Notes

  1. A real-life example of such a situation is the recent case in which the German tax authorities paid 4 million euro to an anonymous informant for a CD containing information about German tax evaders with bank accounts in Switzerland [13].

  2. In the original Bitcoin documentation this is called “simplified \(T_{x}\)”.

  3. Technically, in Bitcoin \([T_{x}]\) is not directly passed as an argument to \(\pi '_{i}\). We adopt this convention to make the exposition clearer.

  4. The reason is that it is impossible to construct a signature in such a way that it is part of the message being signed.

  5. In this paper we usually treat input scripts as arguments for the corresponding output scripts. In reality, however, they are scripts in the Bitcoin scripting language, which are supposed to push arguments for an output script onto the stack.

  6. To read more about such deposits see [26].

  7. The server signs the transaction \( Fuse \) without seeing the transaction \( Put \), and a malicious client could try to send a hash of an existing transaction instead of \( Put \). Therefore, the server should use a fresh key every time to prevent itself from being tricked into signing a transaction that spends one of its other transactions to the client.

  8. The only exceptions are the so-called generation transactions, which create new bitcoins and can have arbitrary input scripts (the script is called “coinbase” in this case). However, it is not difficult to ensure that each such transaction has a different hash, by using a new pair of keys for each generation.

  9. Except for what she can learn from her inputs and from the function being computed.

  10. The number of outputs created this way is limited and not greater than \(30\), as a bitcoin is not infinitely divisible. The smallest amount of bitcoins is called “satoshi” and is equal to \(10^{-8}\).

References

  1. Abadi, M., Glew, N.: Certified email with a light on-line trusted third party: design and implementation. In: WWW ’02

  2. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Secure multiparty computations on Bitcoin. Cryptology ePrint Archive (2013). http://eprint.iacr.org/2013/784

  3. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: How to deal with malleability of Bitcoin transactions. CoRR, abs/1312.3230 (2013)

  4. Ateniese, G., Nita-Rotaru, C.: Stateless-recipient certified e-mail system based on verifiable encryption. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 182–199. Springer, Heidelberg (2002)

  5. Back, A., Bentov, I.: Note on fair coin toss via Bitcoin (2013). http://www.cs.technion.ac.il/~idddo/cointossBitcoin.pdf

  6. Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Trans. Inf. Theor. 36(1), 40–46 (1990)

  7. Blum, M.: Coin flipping by telephone. In: CRYPTO 1981 (1981)

  8. Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)

  9. Clark, J., Essex, A.: CommitCoin: carbon dating commitments with Bitcoin. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 390–398. Springer, Heidelberg (2012)

  10. Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC ’86

  11. Cramer, R.: Introduction to secure computation. In: Damgård, I.B. (ed.) EEF School 1998. LNCS, vol. 1561, p. 16. Springer, Heidelberg (1999)

  12. Damgård, I.B.: Practical and provably secure release of a secret and exchange of signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 200–217. Springer, Heidelberg (1994)

  13. Der Spiegel International. Swiss Bank Data: German Tax Officials Launch Nationwide Raids, April 2013

  14. Pfitzmann, B., et al.: Optimal efficiency of optimistic contract signing. In: PODC ’98

  15. Miers, I., et al.: Zerocoin: anonymous distributed e-cash from Bitcoin. IEEE S&P (2012)

  16. Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better—how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)

  17. Gordon, S., et al.: Complete fairness in secure two-party computation. J. ACM 58(6), 1–37 (2011)

  18. Even, S., Yacobi, Y.: Relations among public key signature schemes. Technical report 175, Computer Science Department, Technion, Israel (1980)

  19. Garay, J.A., Jakobsson, M.: Timed release of standard digital signatures. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 168–182. Springer, Heidelberg (2003)

  20. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: STOC 1987 (1987)

  21. Goldreich, O.: The Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)

  22. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design. In: FOCS ’86

  23. Goldreich, O., Vainish, R.: How to solve any protocol problem - an efficiency improvement. In: CRYPTO ’87

  24. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

  25. Pinkas, B.: Fair secure two-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 87–105. Springer, Heidelberg (2003)

  26. Bitcoin wiki: Contracts. http://en.bitcoin.it/wiki/Contracts. Accessed 24 Nov 2013

  27. Bitcoin wiki: Dominant Assurance Contracts. http://en.bitcoin.it/wiki/Dominant_Assurance_Contracts. Accessed 19 Jan 2014

  28. Bitcoin wiki: Transaction malleability. https://en.bitcoin.it/wiki/Transaction_Malleability. Accessed 20 Jan 2014

  29. Yao, A.C.-C.: How to generate and exchange secrets. In: FOCS 1986 (1986)

  30. Zhou, J., Gollmann, D.: A fair non-repudiation protocol. In: IEEE S&P (1996)

  31. Zhou, J., Gollmann, D.: Certified electronic mail. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 160–171. Springer, Heidelberg (1996)

Acknowledgments

We would like to thank the anonymous reviewers for their valuable comments.

Author information

Corresponding author

Correspondence to Łukasz Mazurek.

Copyright information

© 2014 IFCA/Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł. (2014). Fair Two-Party Computations via Bitcoin Deposits. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science, vol 8438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44774-1_8

  • DOI: https://doi.org/10.1007/978-3-662-44774-1_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44773-4

  • Online ISBN: 978-3-662-44774-1

  • eBook Packages: Computer Science (R0)
