Towards Characterizing Complete Fairness in Secure Two-Party Computation

  • Gilad Asharov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8349)


The well known impossibility result of Cleve (STOC 1986) implies that in general it is impossible to securely compute a function with complete fairness without an honest majority. Since then, the accepted belief has been that nothing non-trivial can be computed with complete fairness in the two party setting. The surprising work of Gordon, Hazay, Katz and Lindell (STOC 2008) shows that this belief is false, and that there exist some non-trivial (deterministic, finite-domain) boolean functions that can be computed fairly. This raises the fundamental question of characterizing complete fairness in secure two-party computation.

In this work we show that not only that some or few functions can be computed fairly, but rather an enormous amount of functions can be computed with complete fairness. In fact, almost all boolean functions with distinct domain sizes can be computed with complete fairness (for instance, more than 99.999% of the boolean functions with domain sizes 31 ×30). The class of functions that is shown to be possible includes also rather involved and highly non-trivial tasks, such as set-membership, evaluation of a private (Boolean) function and private matchmaking.

In addition, we demonstrate that fairness is not restricted to the class of symmetric boolean functions where both parties get the same output, which is the only known feasibility result. Specifically, we show that fairness is also possible for asymmetric boolean functions where the output of the parties is not necessarily the same. Moreover, we consider the class of functions with non-binary output, and show that fairness is possible for any finite range.

The constructions are based on the protocol of Gordon et. al, and the analysis uses tools from convex geometry.


Complete fairness secure two-party computation foundations malicious adversaries 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, S., Prabhakaran, M.: On fair exchange, fair coins and fair sampling. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 259–276. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Asharov, G.: Towards characterizing complete fairness in secure two-party computation. IACR Cryptology ePrint Archive (to appear)Google Scholar
  3. 3.
    Asharov, G., Lindell, Y., Rabin, T.: A full characterization of functions that imply fair coin tossing and ramifications to fairness. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 243–262. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  4. 4.
    Beimel, A., Lindell, Y., Omri, E., Orlov, I.: 1/p-secure multiparty computation without honest majority and the best of both worlds. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 277–296. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Transactions on Information Theory 36(1), 40–46 (1990)CrossRefGoogle Scholar
  6. 6.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: STOC, pp. 1–10 (1988)Google Scholar
  7. 7.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)CrossRefMATHMathSciNetGoogle Scholar
  8. 8.
    Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: STOC, pp. 11–19 (1988)Google Scholar
  9. 9.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: STOC, pp. 364–369 (1986)Google Scholar
  10. 10.
    Cleve, R.: Controlled gradual disclosure schemes for random bits and their applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 573–588. Springer, Heidelberg (1990)Google Scholar
  11. 11.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: CRYPTO, pp. 205–210 (1982)Google Scholar
  12. 12.
    Even, S., Yacobi, Y.: Relations among public key signature schemes. Technical Report #175, Technion Israel Institute of Technology, Computer Science Department (1980),
  13. 13.
    Goldreich, O.: The Foundations of Cryptography - Basic Applications, vol. 2. Cambridge University Press (2004)Google Scholar
  14. 14.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC, pp. 218–229 (1987)Google Scholar
  15. 15.
    Goldwasser, S., Levin, L.: Fair computation of general functions in presence of immoral majority. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 77–93. Springer, Heidelberg (1991)Google Scholar
  16. 16.
    Gordon, S.D.: On fairness in secure computation. PhD thesis, University of Maryland (2010)Google Scholar
  17. 17.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. In: STOC, pp. 413–422 (2008); Extended full version available on: Journal version: [18]
  18. 18.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure twoparty computation. J. ACM 58(6), 24 (2011)CrossRefMathSciNetGoogle Scholar
  19. 19.
    Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 157–176. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Grünbaum, B.: Convex Polytopes. In: Kaibel, V., Klee, V., Ziegler, G. (eds.) Graduate Texts in Mathematics, 2nd edn. Springer (May 2003)Google Scholar
  21. 21.
    Halpern, J.Y., Teague, V.: Rational secret sharing and multiparty computation: extended abstract. In: STOC, pp. 623–632 (2004)Google Scholar
  22. 22.
    Kahn, J., Komlòs, J., Szemerèdi, E.: On the probability that a random ±1-matrix is singular. Journal of Amer. Math. Soc. 8, 223–240 (1995)MATHGoogle Scholar
  23. 23.
    Komlòs, J.: On the determinant of (0,1) matrices. Studia Sci. Math. Hungar 2, 7–21 (1967)MATHMathSciNetGoogle Scholar
  24. 24.
    Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical Report TR-81, Aiken Computation Lab, Harvard University (1981)Google Scholar
  25. 25.
    Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In: STOC, pp. 73–85 (1989)Google Scholar
  26. 26.
    Roman, S.: Advanced Linear Algebra, 3rd edn. Graduate Texts in Mathematics, vol. 135, p. xviii. Springer, New York (2008)Google Scholar
  27. 27.
    Voigt, T., Ziegler, G.M.: Singular 0/1-matrices, and the hyperplanes spanned by random 0/1-vectors. Combinatorics, Probability and Computing 15(3), 463–471 (2006)CrossRefMATHMathSciNetGoogle Scholar
  28. 28.
    Wood, P.J.: On the probability that a discrete complex random matrix is singular. PhD thesis, Rutgers University, New Brunswick, NJ, USA, AAI3379178 (2009)Google Scholar
  29. 29.
    Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: FOCS, pp. 162–167 (1986)Google Scholar
  30. 30.
    Ziegler, G.M.: Lectures on 0/1-polytopes. Polytopes: Combinatorics and Computation, Birkhauser, Basel. DMV Seminar, vol. 29, pp. 1–40 (2000)Google Scholar

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Gilad Asharov
    • 1
  1. 1.Department of Computer ScienceBar-Ilan UniversityIsrael

Personalised recommendations