
Efficiently Making Secure Two-Party Computation Fair

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9603)

Abstract

Secure two-party computation cannot be fair against malicious adversaries unless a trusted third party (TTP) is employed or a gradual-release protocol with a super-constant number of rounds is used. Existing optimistic fair two-party computation protocols with a constant number of rounds are either too costly to arbitrate (e.g., the TTP may need to redo almost the whole computation) or require electronic payments. Furthermore, most of the existing solutions were proven secure and fair via a partial simulation, which, we show, may lead to insecurity overall. We propose a new framework for fair and secure two-party computation that can be applied on top of any secure two-party computation protocol based on Yao’s garbled circuits and zero-knowledge proofs. We show that our fairness overhead is minimal compared to all existing work. Furthermore, our protocol is fair even in terms of the work performed by Alice and Bob. We also prove that our protocol is fair and secure simultaneously, through a single simulator, which guarantees that our fairness extensions do not leak any private information. Lastly, we ensure that the TTP never learns the inputs or outputs of the computation. Therefore, even if the TTP becomes malicious and causes unfairness by colluding with one party, the security of the underlying protocol is still preserved.
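To make the fairness problem in the abstract concrete, the following Python model (an added illustration, not code from the paper or its authors) shows why a naive output exchange is unfair against an aborting party, and how an optimistic TTP can restore fairness while seeing only a one-time-pad share of the output. The share-escrow pattern used here is a generic textbook construction and is assumed for illustration only; it is not the paper's protocol. `ideal_2pc()` stands in for a malicious-secure garbled-circuit evaluation rather than implementing one, and it is assumed to hand each party an escrow of the other party's share so that verifiable encryption does not need to be modelled. The function `f`, the 16-bit toy domain, the HMAC-based toy cipher and all sample inputs are constructed for the example.

```python
"""Toy model of fairness in secure two-party computation: the abort problem of
a naive output exchange, and an optimistic, TTP-assisted resolution in which
the TTP sees only a uniformly random share, never the inputs or the output.

Added illustration: the share-escrow pattern is a generic textbook
construction, NOT the protocol of the paper, and ideal_2pc() stands in for a
garbled-circuit evaluation rather than implementing one."""
import hashlib
import hmac
import secrets

MASK = 0xFFFF  # outputs and shares are 16-bit values (toy choice)


def f(x_a, x_b):
    """Constructed toy function the two parties agree to evaluate."""
    return (x_a * 31 + x_b) & MASK


def _pad(key, nonce):
    """16-bit keystream derived from an HMAC; toy cipher, not for real use."""
    return int.from_bytes(hmac.new(key, nonce, hashlib.sha256).digest()[:2], "big")


def seal(key, share):
    """Encrypt a 16-bit share under `key` with a fresh nonce per call."""
    nonce = secrets.token_bytes(16)
    return nonce, share ^ _pad(key, nonce)


def unseal(key, sealed):
    nonce, ct = sealed
    return ct ^ _pad(key, nonce)


def ideal_2pc(x_a, x_b, ttp_key):
    """Stand-in for a malicious-secure 2PC.  Assumption of this example: the
    protocol outputs XOR shares of y = f(x_a, x_b) and gives each party an
    escrow of the *other* party's share under the TTP key, so no verifiable
    encryption has to be modelled here."""
    y = f(x_a, x_b)
    s_a = secrets.randbelow(MASK + 1)
    s_b = y ^ s_a
    return (s_a, seal(ttp_key, s_b)), (s_b, seal(ttp_key, s_a))


def naive_exchange(x_a, x_b, bob_aborts):
    """No TTP: Alice reveals her share first, so a malicious Bob can learn y
    and abort.  Returns (alice_output, bob_output); None means 'nothing'."""
    (s_a, _), (s_b, _) = ideal_2pc(x_a, x_b, b"unused")
    bob_y = s_a ^ s_b                 # Bob receives s_a and now holds y
    return (None if bob_aborts else s_a ^ s_b), bob_y


class TTP:
    """Optimistic arbiter.  Records every share it decrypts so a caller can
    check that its view is independent of the output."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.view = []          # shares the TTP has opened
        self.mailbox = {}       # sealed counter-shares left for the other party

    def resolve(self, who, other_escrow, sealed_own_share):
        """Open the counterparty's escrow for `who`; keep `who`'s own share,
        sealed under the Alice-Bob key, so the counterparty can also finish."""
        share = unseal(self.key, other_escrow)
        self.view.append(share)
        self.mailbox[who] = sealed_own_share
        return share

    def collect(self, who):
        """The other party picks up what the resolver deposited."""
        return self.mailbox[who]


def optimistic_exchange(x_a, x_b, bob_aborts, ttp):
    """Share exchange with TTP fallback.  Returns (alice_y, bob_y)."""
    ab_key = secrets.token_bytes(32)   # pairwise key between Alice and Bob
    (s_a, esc_b), (s_b, _esc_a) = ideal_2pc(x_a, x_b, ttp.key)
    bob_y = s_a ^ s_b                  # Alice sends s_a first
    if not bob_aborts:
        return s_a ^ s_b, bob_y        # Bob replies with s_b
    # Bob withheld s_b: Alice goes to the TTP with Bob's escrow and her own
    # share sealed for Bob.  The TTP learns s_b, a uniform pad independent of y.
    alice_y = s_a ^ ttp.resolve("alice", esc_b, seal(ab_key, s_a))
    # Bob (honest or not) can still complete by collecting Alice's sealed share;
    # the TTP cannot open it, so it never sees both shares.
    bob_y = s_b ^ unseal(ab_key, ttp.collect("alice"))
    return alice_y, bob_y


def ttp_view_for_repeated_runs(x_a, x_b, runs):
    """Shares the TTP observes across `runs` aborting executions on fixed
    inputs; distinct values show the view is a fresh pad, not the output."""
    ttp = TTP()
    for _ in range(runs):
        optimistic_exchange(x_a, x_b, True, ttp)
    return set(ttp.view)


if __name__ == "__main__":
    print("naive, Bob aborts:", naive_exchange(5, 9, True))
    print("optimistic, Bob aborts:", optimistic_exchange(5, 9, True, TTP()))
    print("TTP saw", len(ttp_view_for_repeated_runs(5, 9, 20)), "distinct shares")
```

The model captures the two properties the abstract names: in the naive exchange the party who learns the output first can abort with it, and in the optimistic variant the arbiter's entire view is a uniformly random share plus a ciphertext it cannot open, so a TTP that later colludes with one party can break fairness but not the privacy of the underlying computation.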

Notes

Acknowledgements

The authors acknowledge the support of TÜBİTAK, the Scientific and Technological Research Council of Turkey, under project number 111E019, and European Union COST Action IC1306.


Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  1. EPFL, Lausanne, Switzerland
  2. Koç University, İstanbul, Turkey
