On Complete Primitives for Fairness

  • Dov Gordon
  • Yuval Ishai
  • Tal Moran
  • Rafail Ostrovsky
  • Amit Sahai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5978)


For secure two-party and multi-party computation with abort, classification of which primitives are complete has been extensively studied in the literature. However, for fair secure computation, where (roughly speaking) either all parties learn the output or none do, the question of complete primitives has remained largely unstudied. In this work, we initiate a rigorous study of completeness for primitives that allow fair computation. We show the following results:

  • No “short” primitive is complete for fairness. In surprising contrast to other notions of security for secure two-party computation, we show that for fair secure computation, no primitive of size O(logk) is complete, where k is a security parameter. This is the case even if we can enforce parallelism in calls to the primitives (i.e., the adversary does not get output from any primitive in a parallel call until it sends input to all of them). This negative result holds regardless of any computational assumptions.

  • A fairness hierarchy. We clarify the fairness landscape further by exhibiting the existence of a “fairness hierarchy”. We show that for every “short” ℓ = O(logk), no protocol making (serial) access to any ℓ-bit primitive can be used to construct even a (ℓ + 1)-bit simultaneous broadcast.

  • Positive results. To complement the negative results, we exhibit a k-bit primitive that is complete for two-party fair secure computation. We show how to generalize this result to the multi-party setting.

  • Fairness combiners. We also introduce the question of constructing a protocol for fair secure computation from primitives that may be faulty. We show that this is possible when a majority of the instances are honest. On the flip side, we show that this result is tight: no functionality is complete for fairness if half (or more) of the instances can be malicious.


  1. 1.
    Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, Chicago, Illinois, USA, May 2-4. ACM, New York (1988)Google Scholar
  2. 2.
    Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In: CCS, pp. 7–17. ACM, New York (1997)CrossRefGoogle Scholar
  3. 3.
    Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications 18(4), 593–610 (2000)CrossRefMATHGoogle Scholar
  4. 4.
    Baum-Waidner, B., Pfitzmann, B., Waidner, M.: Unconditional byzantine agreement with good majority. In: Jantzen, M., Choffrut, C. (eds.) STACS 1991. LNCS, vol. 480, pp. 285–295. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  5. 5.
    Beaver, D.: Correlated pseudorandomness and the complexity of private computations. In: STOC, pp. 479–488. ACM, New York (1996)Google Scholar
  6. 6.
    Beaver, D., Goldwasser, S.: Multiparty computation with faulty majority, pp. 468–473 (1989)Google Scholar
  7. 7.
    Beimel, A., Malkin, T.: A quantitative approach to reductions in secure computation. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 238–257. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Bellare, M. (ed.): CRYPTO 2000. LNCS, vol. 1880. Springer, Heidelberg (2000)MATHGoogle Scholar
  9. 9.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: STOC [1], pp. 1–10Google Scholar
  10. 10.
    Blum, M.: How to exchange (secret) keys. ACM Transactions on Computer Systems 1(2), 175–193 (1983); Previously published in ACM STOC 1983 proceedings, pp. 440–447CrossRefGoogle Scholar
  11. 11.
    Boneh, D., Naor, M.: Timed commitments, pp. 236–254Google Scholar
  12. 12.
    Boneh, D., Naor, M.: Timed commitments. In: Bellare [8], pp. 236–254Google Scholar
  13. 13.
    Cachin, C., Camenisch, J.: Optimistic fair secure computation. In: Bellare [8], pp. 93–111Google Scholar
  14. 14.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)MathSciNetCrossRefMATHGoogle Scholar
  15. 15.
    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: STOC [1], pp. 11–19Google Scholar
  16. 16.
    Chen, L., Kudla, C., Paterson, K.G.: Concurrent signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 287–305. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Chor, B., Geréb-Graus, M., Kushilevitz, E.: On the structure of the privacy hierarchy. J. Cryptology 7(1), 53–60 (1994)MathSciNetCrossRefMATHGoogle Scholar
  18. 18.
    Chor, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults (extended abstract). In: FOCS, pp. 383–395. IEEE, Los Alamitos (1985)Google Scholar
  19. 19.
    Chor, B., Kushilevitz, E.: A zero-one law for boolean privacy. SIAM J. Discrete Math. 4(1), 36–47 (1991)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: STOC, pp. 364–369. ACM, New York (1986)Google Scholar
  21. 21.
    Cleve, R.: Controlled gradual disclosure schemes for random bits and their applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 573–588. Springer, Heidelberg (1990)Google Scholar
  22. 22.
    Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Damgård, I.: Practical and provably secure release of a secret and exchange of signatures. J. Cryptology 8(4), 201–222 (1995)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Damgård, I.: Practical and provably secure release of a secret and exchange of signatures. J. Cryptology 8(4), 201–222 (1995)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)MathSciNetCrossRefMATHGoogle Scholar
  26. 26.
    Fitzi, M., Garay, J.A., Maurer, U.M., Ostrovsky, R.: Minimal complete primitives for secure multi-party computation. J. Cryptology 18(1), 37–61 (2005)MathSciNetCrossRefMATHGoogle Scholar
  27. 27.
    Fitzi, M., Gisin, N., Maurer, U.M., von Rotz, O.: Unconditional byzantine agreement and multi-party computation secure against dishonest minorities from scratch. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 482–501. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  28. 28.
    Galil, Z., Haber, S., Yung, M.: Cryptographic computation: Secure fault-tolerant protocols and the public-key model, pp. 135–155Google Scholar
  29. 29.
    Garay, J.A., MacKenzie, P.D., Prabhakaran, M., Yang, K.: Resource fairness and composability of cryptographic protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 404–428. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  30. 30.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC, pp. 218–229. ACM, New York (1987)Google Scholar
  31. 31.
    Goldreich, O., Vainish, R.: How to solve any protocol problem - an efficiency improvement. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 73–86. Springer, Heidelberg (1988)Google Scholar
  32. 32.
    Goldwasser, S., Levin, L.: Fair computation and general functions in the presence of immoral majorityGoogle Scholar
  33. 33.
    Gordon, D., Katz, J.: Partial fairness in secure two-party computation. Cryptology ePrint Archive, Report 2008/206 (2008), http://eprint.iacr.org/2008/206
  34. 34.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. In: Ladner, R.E., Dwork, C. (eds.) STOC, pp. 413–422. ACM, New York (2008)Google Scholar
  35. 35.
    Gordon, S.D., Katz, J.: Complete fairness in multi-party computation without an honest majority. In: Reingold [49], pp. 19–35Google Scholar
  36. 36.
    Harnik, D., Kilian, J., Naor, M., Reingold, O., Rosen, A.: On robust combiners for oblivious transfer and other primitives. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 96–113. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  37. 37.
    Herzberg, A.: Folklore, practice and theory of robust combiners. Journal of Computer Security 17(2), 159–189 (2009)MathSciNetCrossRefGoogle Scholar
  38. 38.
    Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer - efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  39. 39.
    Katz, J.: On achieving the “best of both worlds” in secure multiparty computation. In: Johnson, D.S., Feige, U. (eds.) STOC, pp. 11–20. ACM, New York (2007)Google Scholar
  40. 40.
    Kilian, J.: Founding cryptography on oblivious transfer. In: STOC [1], pp. 20–31Google Scholar
  41. 41.
    Kilian, J., Kushilevitz, E., Micali, S., Ostrovsky, R.: Reducibility and completeness in private computations. SIAM Journal on Computing 29(4), 1189–1208 (2000)MathSciNetCrossRefMATHGoogle Scholar
  42. 42.
    Lepinski, M., Micali, S., Peikert, C., shelat, A.: Completely fair sfe and coalition-safe cheap talk. In: Chaudhuri, S., Kutten, S. (eds.) PODC, pp. 1–10. ACM, New York (2004)Google Scholar
  43. 43.
    Lindell, A.Y.: Legally-enforceable fairness in secure two-party computation. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 121–137. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  44. 44.
    Luby, M., Micali, S., Rackoff, C.: How to simultaneously exchange a secret bit by flipping a symmetrically-biased coin. In: FOCS, pp. 11–21. IEEE, Los Alamitos (1983)Google Scholar
  45. 45.
    Maji, H.K., Prabhakaran, M., Rosulek, M.: Complexity of multi-party computation problems: The case of 2-party symmetric secure function evaluation. In: Reingold [49], pp. 256–273Google Scholar
  46. 46.
    Micali, S.: Simple and fast optimistic protocols for fair electronic exchange. In: PODC, pp. 12–19. ACM, New York (2003)Google Scholar
  47. 47.
    Pinkas, B.: Fair secure two-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 87–105. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  48. 48.
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: STOC, pp. 73–85. ACM, New York (1989)Google Scholar
  49. 49.
    Reingold, O. (ed.): TCC 2009. LNCS, vol. 5444. Springer, Heidelberg (2009)MATHGoogle Scholar
  50. 50.
    Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: FOCS, pp. 162–167. IEEE, Los Alamitos (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Dov Gordon
    • 1
  • Yuval Ishai
    • 2
    • 3
  • Tal Moran
    • 4
  • Rafail Ostrovsky
    • 3
  • Amit Sahai
    • 3
  1. 1.University of MarylandUSA
  2. 2.TechnionIsrael
  3. 3.University of CaliforniaLos Angeles
  4. 4.Harvard SEASUSA

Personalised recommendations