Resource Fairness and Composability of Cryptographic Protocols

  • Juan Garay
  • Philip MacKenzie
  • Manoj Prabhakaran
  • Ke Yang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3876)


We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to similar previously proposed definitions, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort.

In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed.

Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.


Ideal Functionality Cryptographic Protocol Honest Party Composition Theorem Cryptology ePrint Archive 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Adleman, L., Kompella, K.: Using smoothness to achieve parallelism. In: 20th STOC, pp. 528–538 (1988)Google Scholar
  2. 2.
    Asokan, N., Shoup, V., Waidner, M.: Optimistic Fair Exchange of Digital Signatures (Extended Abstract). In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 591–606. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  3. 3.
    Backes, M., Pfitzmann, B., Waidner, M.: A general composition theorem for secure reactive systems. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 336–354. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Beaver, D., Goldwasser, S.: Multiparty Computation with Faulty Majority. In: 30th FOCS, pp. 503–513 (1990)Google Scholar
  5. 5.
    Benaloh, J., de Mare, M.: One-Way Accumulators: A Decentralized Alternative to Digital Signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  6. 6.
    Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.: A Fair Protocol for Signing Contracts. IEEE Transactions on Information Theory 36(1), 40–46 (1990)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for noncryptographic fault-tolerant distributed computation. In: 20th STOC, pp. 1–10 (1988)Google Scholar
  8. 8.
    Blum, M.: How to exchange (secret) keys. ACM Transactions on Computer Systems 1(2), 175–193 (1983)CrossRefGoogle Scholar
  9. 9.
    Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM Journal on Computing 15(2), 364–383 (May 1986)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  11. 11.
    Boneh, D., Naor, M.: Timed commitments (extended abstract). In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Cachin, C., Camenisch, J.: Optimistic Fair Secure Computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 93–111. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Canetti, R.: Security and Composition of Multiparty Cryptographic Protocols. Journal of Cryptology 13(1), 143–202 (Winter 2000)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. Electronic Colloquium on Computational Complexity (ECCC) TR01- 016 (2001); Previous version, A unified framework for analyzing security of protocols, availabe at the ECCC archive TR01-016. Extended abstract in FOCS 2001Google Scholar
  15. 15.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2005); Revised version of [14]Google Scholar
  16. 16.
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Twoparty and Multi-party Secure Computation. In: 34th STOC (2002)Google Scholar
  18. 18.
    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols. In: 20th STOC, pp. 11–19 (1988)Google Scholar
  19. 19.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proceedings of the 18th Annual ACM Symposium on Theory of Computing (STOC 1986), pp. 364–369 (1986)Google Scholar
  20. 20.
    Cramer, R.: Modular Design of Secure yet Practical Cryptographic Protocols. Ph.D. Thesis. CWI and University of Amsterdam (1997)Google Scholar
  21. 21.
    Cramer, R., Damgård, I., Nielsen, J.: Multiparty Computation from Threshold Homomorphic Encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–300. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  22. 22.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  23. 23.
    Damgård, I.: Practical and Provably Secure Release of a Secret and Exchange of Signatures. Journal of Cryptology 8(4), 201–222 (1995)CrossRefGoogle Scholar
  24. 24.
    Damgård, I., Jurik, M.: Efficient protocols based probabilistic encryptions using composite degree residue classes. In: Research Series RS-00-5, BRICS, Department of Computer Science, University of Aarhus (2000)Google Scholar
  25. 25.
    Damgård, I., Nielsen, J.: Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 247–264. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  26. 26.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM J. on Comput. 30(2), 391–437 (2000); An earlier version appeared in 23rd ACM Symp. on Theory of Computing, pp. 542–552 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Fitzi, M., Gottesman, D., Hirt, M., Holenstein, T., Smith, A.: Detectable Byzantine Agreement Tolerating Faulty Majorities (from scratch). In: 21st PODC, pp. 118–126 (2002)Google Scholar
  29. 29.
    Fouque, P., Poupard, G., Stern, J.: Sharing decryption in the context of voting or lotteries. In: Proceedings of Financial Crypto 2000 (2000)Google Scholar
  30. 30.
    Galil, Z., Haber, S., Yung, M.: Cryptographic Computation: Secure Faulttolerant Protocols and the Public-Key Model. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 135–155. Springer, Heidelberg (1988)Google Scholar
  31. 31.
    Garay, J., Jakobsson, M.: Timed Release of Standard Digital Signatures. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 168–182. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  32. 32.
    Garay, J., MacKenzie, P., Prabhakaran, M., Yang, K.: Resource Fairness and Composability of Cryptographic Protocols. In: Cryptology ePrint Archive,
  33. 33.
    Garay, J., MacKenzie, P., Yang, K.: Strengthening Zero-Knowledge Protocols using Signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 177–194. Springer, Heidelberg (2003); Full version in Cryptology ePrint Archive (2003),; To appear in Journal of CryptologyCrossRefGoogle Scholar
  34. 34.
    Garay, J., MacKenzie, P., Yang, K.: Efficient and Universally Composable Committed Oblivious Transfer and Applications. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 297–316. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  35. 35.
    Garay, J., MacKenzie, P., Yang, K.: Efficient and Secure Multi-Party Computation with Faulty Majority and Complete Fairness. In: Cryptology ePrint Archive,
  36. 36.
    Garay, J., Pomerance, C.: Timed Fair Exchange of Standard Signatures. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 190–207. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  37. 37.
    Goldreich, O.: Secure Multi-Party Computation (Working Draft, Version 1.2) (March 2000), Available from:
  38. 38.
    Goldreich, O., Micali, S., Wigderson, A.: How to Play any Mental Game – A Completeness Theorem for Protocols with Honest Majority. In: 19th ACM Symposium on the Theory of Computing, pp. 218–229 (1987)Google Scholar
  39. 39.
    Goldwasser, S., Levin, L.: Fair computation of general functions in presence of immoral majority. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 77–93. Springer, Heidelberg (1991)Google Scholar
  40. 40.
    Goldwasser, S., Lindell, Y.: Secure ComputationWithout Agreement. Journal of Cryptology 18(3), 247–287 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  41. 41.
    Hofheinz, D., Müller-Quade, J.: A Synchronous Model for Multi-Party Computation and Incompleteness of Oblivious Transfer. In: Cryptology ePrint Archive (2004),
  42. 42.
    Lepinski, M., Micali, S., Peikert, C., Shelat, A.: Completely fair SFE and coalition-safe cheap talk. In: 23rd PODC, pp. 1–10 (2004)Google Scholar
  43. 43.
    Lindell, Y.: General Composition and Universal Composability in Secure Multi- Party Computation. In: FOCS 2003 (2003)Google Scholar
  44. 44.
    MacKenzie, P., Yang, K.: On Simulation Sound Trapdoor Commitments. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 382–400. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  45. 45.
    Nielsen, J.B.: On Protocol Security in the Cryptographi Model. Ph.D. Thesis. Aarhus University (2003)Google Scholar
  46. 46.
    Paillier, P.: Public-key cryptosystems based on composite degree residue classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  47. 47.
    Pedersen, T.P.: Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  48. 48.
    Pfitzmann, B., Waidner, M.: Composition and Integrity Preservation of Secure Reactive Systems. In: ACM Conference on Computer and Communications Security (CSS), pp. 245–254 (2000)Google Scholar
  49. 49.
    Pinkas, B.: Fair Secure Two-Party Computation. In: Eurocrypt 2003, pp. 87–105 (2003)Google Scholar
  50. 50.
    Prabhakaran, M., Sahai, A.: New notions of security: Achieving universal composability without trusted setup. Cryptology ePrint Archive, Report 2004/139; Extended abstract in Proc. 36th STOC, pp. 242–251 (2004)Google Scholar
  51. 51.
    Rabin, T., Ben-Or, M.: Verifiable Secret Sharing and Multiparty Protocols with Honest Majority. In: 21st STOC, pp. 73–85 (1989)Google Scholar
  52. 52.
    Shoup, V.: A Computational Introduction to Number Theory and Algebra. Preliminary book, Available at,
  53. 53.
    Sorenson, J.: A Sublinear-Time Parallel Algorithm for Integer Modular Exponentiation. Available from:
  54. 54.
    Yao, A.: Protocols for Secure Computation. In: FOCS 1982, pp. 160–164 (1982)Google Scholar
  55. 55.
    Yao, A.: How to generate and exchange secrets. In: FOCS 1986, pp. 162–167 (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Juan Garay
    • 1
  • Philip MacKenzie
    • 2
  • Manoj Prabhakaran
    • 3
  • Ke Yang
    • 2
  1. 1.Bell Labs – Lucent TechnologiesUSA
  2. 2.GoogleUSA
  3. 3.Computer Science DepartmentUniversity of Illinois at Urbana-ChampaignUSA

Personalised recommendations