TCC 2015: Theory of Cryptography pp 199-228

# Complete Characterization of Fairness in Secure Two-Party Computation of Boolean Functions

• Amos Beimel
• Nikolaos Makriyannis
• Eran Omri
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9014)

## Abstract

Fairness is a desirable property in secure computation; informally it means that if one party gets the output of the function, then all parties get the output. Alas, an implication of Cleve’s result (STOC 86) is that when there is no honest majority, in particular in the important case of the two-party setting, there exist Boolean functions that cannot be computed with fairness. In a surprising result, Gordon et al. (JACM 2011) showed that some interesting functions can be computed with fairness in the two-party setting, and re-opened the question of understanding which Boolean functions can be computed with fairness, and which cannot.

Our main result in this work is a complete characterization of the (symmetric) Boolean functions that can be computed with fairness in the two-party setting; this settles an open problem of Gordon et al. The characterization is quite simple: A function can be computed with fairness if and only if the all one-vector or the all-zero vector are in the affine span of either the rows or the columns of the matrix describing the function. This is true for both deterministic and randomized functions. To prove the possibility result, we modify the protocol of Gordon et al.; the resulting protocol computes with full security (and in particular with fairness) all functions that are computable with fairness.

We extend the above result in two directions. First, we completely characterize the Boolean functions that can be computed with fairness in the multiparty case, when the number of parties is constant and at most half of the parties can be malicious. Second, we consider the two-party setting with asymmetric Boolean functionalities, that is, when the output of each party is one bit; however, the outputs are not necessarily the same. We provide both a sufficient condition and a necessary condition for fairness; however, a gap is left between these two conditions. We then consider a specific asymmetric function in this gap area, and by designing a new protocol, we show that it is computable with fairness. However, we do not give a complete characterization for all functions that lie in this gap, and their classification remains open.

## Keywords

Secure computation fairness foundations malicious adversaries

## References

1. 1.
Agrawal, S., Prabhakaran, M.: On fair exchange, fair coins and fair sampling. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 259–276. Springer, Heidelberg (2013)
2. 2.
Asharov, G.: Towards characterizing complete fairness in secure two-party computation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 291–316. Springer, Heidelberg (2014)
3. 3.
Asharov, G., Beimel, A., Makriyannis, N., Omri, E.: Complete characterization of fairness in secure two-party computation of boolean functions. Cryptology ePrint Archive, Report 2014/1000 (2014), http://eprint.iacr.org/
4. 4.
Asharov, G., Lindell, Y., Rabin, T.: A full characterization of functions that imply fair coin tossing and ramifications to fairness. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 243–262. Springer, Heidelberg (2013)
5. 5.
Beimel, A., Lindell, Y., Omri, E., Orlov, I.: 1/p-secure multiparty computation without honest majority and the best of both worlds. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 277–296. Springer, Heidelberg (2011)
6. 6.
Beimel, A., Omri, E., Orlov, I.: Protocols for multiparty coin toss with dishonest majority. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 538–557. Springer, Heidelberg (2010)
7. 7.
Canetti, R.: Security and composition of multiparty cryptographic protocols. J. of Cryptology 13(1), 143–202 (2000)
8. 8.
Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: 18th STOC, pp. 364–369 (1986)Google Scholar
9. 9.
Goldreich, O.: Foundations of Cryptography, Voume II Basic Applications. Cambridge University Press (2004)Google Scholar
10. 10.
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: 19th STOC, pp. 218–229 (1987)Google Scholar
11. 11.
Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. J. of the ACM 58(6), Article No. 24 (2011)Google Scholar
12. 12.
Gordon, S.D., Katz, J.: Complete fairness in multi-party computation without an honest majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 19–35. Springer, Heidelberg (2009)
13. 13.
Kilian, J.: Basing cryptography on oblivious transfer. In: 20th STOC, pp. 20–31 (1988)Google Scholar
14. 14.
Makriyannis, N.: On the classification of finite boolean functions up to fairness. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 135–154. Springer, Heidelberg (2014)
15. 15.
Yao, A.C.: How to generate and exchange secrets. In: 27th FOCS, pp. 162–167 (1986)Google Scholar

© International Association for Cryptologic Research 2015

## Authors and Affiliations

• 1
• Amos Beimel
• 2
• Nikolaos Makriyannis
• 3
• Eran Omri
• 4
1. 1.The Hebrew University of JerusalemJerusalemIsrael
2. 2.Ben Gurion University of the NegevBe’er ShevaIsrael
3. 3.Universitat Pompeu FabraBarcelonaSpain
4. 4.Ariel UniversityArielIsrael