Abstract
A fair distributed protocol ensures that dishonest parties have no advantage over honest parties in learning their protocol’s output. What makes fairness a particularly intriguing research topic is Cleve’s seminal result [STOC’86], which proved that fairness is impossible to achieve in the presence of dishonest majorities and ignited a quest for more relaxed, yet meaningful definitions of fairness. A common pattern in existing works, however, is that they only treat the case of non-reactive computation—i.e., distributed computation of “one-shot” (stateless) functions, in which parties give all inputs strictly before any output is computed. Yet, many natural cryptographic tasks are of a reactive (stateful) nature.
In this work, we introduce the first notion of fairness tailored to reactive distributed computation, which can be realized in the presence of dishonest majorities. Our definition builds on the recently suggested utility-based fairness notion (for non-reactive functions) by Garay et al. [PODC’15], which, informally, measures the protocol’s fairness by means of the utility of an adversary who aims to break it As in the [PODC’15] work, our approach enjoys the advantage of offering a comparative notion, inducing a partial order on protocols with respect to fairness.
We investigate protocols that restrict the adversary’s utility and provide, for each choice of parameters specifying this utility, a protocol for fair and reactive two-party computation, which is optimal for a (natural) range of parameters. Our study shows that achieving fairness in the reactive setting is more complex than in the much-studied case of one-shot functions, as increasing the number of rounds used for reconstructing the output can lead to improved fairness, and the minimal required number of rounds depends on the exact values of the adversary’s utility.
The full version of this paper can be found in [13].
B. Tackmann—Research done in part while at ETH Zurich, and partly supported by the SNF through Fellowship no. P2EZP2-155566 and by NSF grant CNS-1228890.
V. Zikas—Research supported in part by the SNF through Ambizione grant PZ00P-2142549
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Asharov, G., Canetti, R., Hazay, C.: Towards a game theoretic view of secure computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 426–445. Springer, Heidelberg (2011)
Beaver, D., Goldwasser, S.: Multiparty computation with faulty majority. In: FOCS 1989, pp. 468–473. IEEE (1989)
Beimel, A., Lindell, Y., Omri, E., Orlov, I.: 1/p-Secure multiparty computation without honest majority and the best of both worlds. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 277–296. Springer, Heidelberg (2011)
Blum, M.: How to exchange (secret) keys. ACM Transactions on Computer Science 1, 175–193 (1984)
Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)
Canetti, R.: Security and composition of multiparty cryptographic protocols. Journal of Cryptology 13, 143–202 (2000)
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136–145. IEEE (2001)
Cleve, R.E.: Limits on the security of coin flips when half the processors are faulty. In: STOC 1986, pp. 364–369. ACM, Berkeley (1986)
Damgård, I.: Practical and provably secure release of a secret and exchange of signatures. Journal of Cryptology 8(4), 201–222 (1995)
Garay, J.A., Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Rational protocol design: Cryptography against incentive-driven adversaries. In: FOCS 2013. IEEE (2013)
Garay, J.A., Katz, J., Tackmann, B., Zikas, V.: How fair is your protocol? A utility-based approach to protocol optimality. In: Spirakis, P. (ed.) PODC 2015. ACM Press (2015)
Garay, J.A., MacKenzie, P.D., Prabhakaran, M., Yang, K.: Resource fairness and composability of cryptographic protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 404–428. Springer, Heidelberg (2006)
Garay, J.A., Tackmann, B., Zikas, V.: Fair distributed computation of reactive functions. Cryptology ePrint Archive, Report 2015/807, August 2015
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game–A completeness theorem for protocols with honest majority. In: STOC 1987, pp. 218–229. ACM (1987)
Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 157–176. Springer, Heidelberg (2010)
Groce, A., Katz, J.: Fair computation with rational players. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 81–98. Springer, Heidelberg (2012)
Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013)
Pinkas, B.: Fair secure two-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 87–105. Springer, Heidelberg (2003)
Yao, A.C.: Theory and applications of trapdoor functions. In: FOCS 1982, pp. 80–91. IEEE (1982)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garay, J., Tackmann, B., Zikas, V. (2015). Fair Distributed Computation of Reactive Functions. In: Moses, Y. (eds) Distributed Computing. DISC 2015. Lecture Notes in Computer Science(), vol 9363. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48653-5_33
Download citation
DOI: https://doi.org/10.1007/978-3-662-48653-5_33
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48652-8
Online ISBN: 978-3-662-48653-5
eBook Packages: Computer ScienceComputer Science (R0)