Optimal Fair Computation

  • Rachid Guerraoui
  • Jingjing WangEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9888)


A computation scheme among n parties is fair if no party obtains the computation result unless all other \(n-1\) parties obtain the same result. A fair computation scheme is optimistic if n honest parties can obtain the computation result without resorting to a trusted third party. We prove, for the first time, a tight lower-bound on the message complexity of optimistic fair computation for n parties among which \(n-1\) can be malicious in an asynchronous network. We do so by relating the optimal message complexity of optimistic fair computation to the length of the shortest permutation sequence in combinatorics.



We are very grateful to the second author of [16] for the time devoted to understanding our argument and for his fairplay in recognizing the mistake. This work has been supported in part by the European ERC Grant 339539 - AOC.


  1. 1.
    Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. Sel. Areas Commun. IEEE J. 18(4), 593–610 (2000)CrossRefzbMATHGoogle Scholar
  2. 2.
    Cachin, C., Camenisch, J.L.: Optimistic fair secure computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 93–111. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC 1986, pp. 364–369 (1986)Google Scholar
  4. 4.
    Micali, S.: Simple and fast optimistic protocols for fair electronic exchange. In: PODC (2003)Google Scholar
  5. 5.
    Knuth, D.E.: Open problems with a computational flavor, mimeographed notes for a seminar on combinatorics (1971)Google Scholar
  6. 6.
    Newey, M.C.: Notes on a problem involving permutations as subsequences. Technical Report (1973)Google Scholar
  7. 7.
    Zălinescu, E.: Shorter strings containing all k-element permutations. Inf. Process. Lett. 111(12), 605–608 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Radomirović, S.: A construction of short sequences containing all permutations of a set as subsequences. Electron. J. Comb. 19(4) (2012). Paper 31Google Scholar
  9. 9.
    Kleitman, D., Kwiatkowski, D.: A lower bound on the length of a sequence containing all permutations as subsequences. J. Comb. Theor. Ser. A 21(2), 129–136 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Adleman, L.: Short permutation strings. Discrete Math. 10(2), 197–200 (1974)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Koutas, P., Hu, T.: Shortest string containing all permutations. Discrete Math. 11(2), 125–132 (1975)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Camenisch, J.L., Damgård, I.B.: Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 331–345. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Mauw, S., Radomirović, S., Dashti, M.: Minimal message complexity of asynchronous multi-party contract signing. In: CSF (2009)Google Scholar
  14. 14.
    Kordy, B., Radomirović, S.: Constructing optimistic multi-party contract signing protocols. In: CSF (2012)Google Scholar
  15. 15.
    Mauw, S., Radomirović, S.: Generalizing multi-party contract signing. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 156–175. Springer, Heidelberg (2015)Google Scholar
  16. 16.
    Pfitzmann, B., Schunter, M., Waidner, M.: Optimal efficiency of optimistic contract signing. In: PODC 1998, pp. 113–122 (1998)Google Scholar
  17. 17.
    Schunter, M.: Optimistic fair exchange. Ph.D. dissertation, Universität des Saarlandes (2000).
  18. 18.
    Dashti, M.T.: Efficiency of optimistic fair exchange using trusted devices. ACM Trans. Auton. Adapt. Syst. 7(1), 3:1–3:18 (2012)CrossRefGoogle Scholar
  19. 19.
    Schnorr, C.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Kravitz, D.: Digital signature algorithm. US Patent 5,231,668 (1993)Google Scholar
  21. 21.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  22. 22.
    Ong, H., Schnorr, C.-P.: Fast signature generation with a fiat shamir-like scheme. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 432–440. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  23. 23.
    Guillou, L.C., Quisquater, J.-J.: A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) Advances in Cryptology — CRYPTO’88. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (2000)Google Scholar
  24. 24.
    Guerraoui, R., Wang, J.: Optimal fair computation. Technical Report (2016).
  25. 25.
    Oded, G.: Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press, New York (2009)zbMATHGoogle Scholar
  26. 26.
    Dierks, T.: The transport layer security (tls) protocol version 1.2 (2008)Google Scholar
  27. 27.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Yao, A.C.: Theory and application of trapdoor functions. In: SFCS 1982, pp. 80–91 (1982)Google Scholar
  30. 30.
    Gordon, S.D., Katz, J.: Complete fairness in multi-party computation without an honest majority. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 19–35. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  31. 31.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. J. ACMGoogle Scholar
  32. 32.
    Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography. CRC Press Inc., Boca Raton (1996)CrossRefzbMATHGoogle Scholar
  33. 33.
    I. 9594–8. Information technology - open systems interconnection - the directory: Authentication framework (1995). (equivalent to ITU-T Recommendation X.509, 1993)Google Scholar
  34. 34.
    Ateniese, G.: Efficient verifiable encryption (and fair exchange) of digital signatures. In: CCS 1999, pp. 138–146 (1999)Google Scholar
  35. 35.
    Alaraj, A.M.: Simple and efficient contract signing protocol. CoRR, vol. abs/1204.1646 (2012).
  36. 36.
    Guerraoui, R., Rodrigues, L.: Introduction to Reliable Distributed Programming. Springer, New York (2006)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.EPFL, IC, Station 14LausanneSwitzerland

Personalised recommendations