
Fast Optimistically Fair Cut-and-Choose 2PC

  • Alptekin Küpçü
  • Payman Mohassel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9603)

Abstract

Secure two-party computation (2PC) is a well-studied problem with many real-world applications. Due to Cleve’s result on the general impossibility of fairness, however, the state-of-the-art solutions only provide security with abort. We investigate fairness for 2PC in the presence of a trusted Arbiter, in an optimistic setting where the Arbiter is not involved if the parties act fairly. Existing fair solutions in this setting are far less efficient than the fastest unfair 2PC.

We close this efficiency gap by designing protocols for fair 2PC with covert and malicious security whose performance is competitive with the state-of-the-art unfair constructions. In particular, our protocols require only the exchange of a few extra messages, with sizes that depend only on the output length; the Arbiter’s load is independent of the computation size; and a malicious Arbiter can only break fairness, not covert/malicious security, even if it colludes with a party. Finally, our solutions are designed to work with the state-of-the-art optimizations applicable to garbled circuits and cut-and-choose 2PC, such as free-XOR, half-gates, and the cheating-recovery paradigm.
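The abstract describes the optimistic setting only in outline: after an unfair 2PC, the parties exchange a few output-length-sized messages, and the Arbiter is contacted only if one side stops responding. The simulation below is an added illustration of that generic optimistic fair-exchange pattern (in the spirit of the optimistic fair exchange literature the paper cites); it is not the Küpçü–Mohassel protocol and does not reproduce cut-and-choose, covert security or cheating recovery. Everything in it is constructed for the example: the "unfair 2PC" phase is simulated by handing each party the other's output locked under a key the other party chose plus a hash commitment to that key, encryption to the Arbiter is modelled by an HMAC-derived XOR stream under a key only the `Arbiter` object holds, and the recipient's escrow check is reduced to comparing commitments (in a real protocol a verifiable-encryption proof makes that check tamper-evident; here it is assumed). Only the standard library is used.

```python
"""Toy optimistic fair exchange of 2PC output keys with an offline Arbiter.

Added example; not the paper's protocol. All values and the locking/escrow
scheme are constructed for illustration (see the lead-in for assumptions).
"""
import hashlib
import hmac
import secrets
from typing import Optional

KEY_LEN = 32


def commit(key: bytes) -> bytes:
    """Hash commitment to a locking key; both parties hold it after the 2PC phase."""
    return hashlib.sha256(b"commit|" + key).digest()


def _stream(key: bytes, label: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_lock(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy symmetric encryption (XOR with an HMAC-derived stream); self-inverse."""
    return bytes(a ^ b for a, b in zip(data, _stream(key, label, len(data))))


class Arbiter:
    """Offline trusted third party. It only ever handles key-sized blobs, so its
    work per dispute does not depend on the size of the computation."""

    def __init__(self) -> None:
        self._sk = secrets.token_bytes(KEY_LEN)  # private; escrow() plays the public key
        self.sessions: dict = {}                 # sid -> {party: deposited/opened key}
        self.requests = 0                        # number of disputes handled

    def escrow(self, sid: bytes, party: str, key: bytes) -> dict:
        """Stand-in for verifiable encryption of `key` to the Arbiter, bound to commit(key)."""
        return {"sid": sid, "party": party, "commit": commit(key),
                "ct": xor_lock(self._sk, sid + party.encode(), key)}

    def _open(self, blob: dict) -> Optional[bytes]:
        key = xor_lock(self._sk, blob["sid"] + blob["party"].encode(), blob["ct"])
        return key if commit(key) == blob["commit"] else None

    def resolve(self, requester: str, own_key: bytes, own_escrow: dict,
                other_escrow: dict) -> Optional[bytes]:
        """Dispute handling: the requester deposits its own key (checked against its
        commitment) and receives the counterpart's key from the escrow. The first
        successful resolution fixes both keys so the other party can fetch later."""
        self.requests += 1
        keys = self.sessions.setdefault(other_escrow["sid"], {})
        if keys:  # already resolved: hand out the stored key, nothing else to decide
            return keys.get(other_escrow["party"])
        if own_escrow["party"] != requester or commit(own_key) != own_escrow["commit"]:
            return None  # requester has not "paid" with a valid key
        other_key = self._open(other_escrow)
        if other_key is None:
            return None  # escrow does not open to the committed key: refuse
        keys[requester] = own_key
        keys[other_escrow["party"]] = other_key
        return other_key


def fair_output_exchange(arbiter: Arbiter, p2_responds: bool = True):
    """Run one session; returns (P1 recovered its output, P2 recovered its output)."""
    # Phase 1 (simulated unfair 2PC with abort): outputs are random 8-byte strings.
    sid = secrets.token_bytes(16)
    out1, out2 = secrets.token_bytes(8), secrets.token_bytes(8)
    k1, k2 = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    p1_holds = xor_lock(k2, b"out1", out1)   # P1's output, locked by P2's key
    p2_holds = xor_lock(k1, b"out2", out2)   # P2's output, locked by P1's key
    c1, c2 = commit(k1), commit(k2)          # commitments known to both parties

    # Phase 2 (optimistic): escrows first, then keys in the clear. Message sizes
    # depend on KEY_LEN and the output length only, never on the circuit.
    e1 = arbiter.escrow(sid, "P1", k1)       # P1 -> P2
    e2 = arbiter.escrow(sid, "P2", k2)       # P2 -> P1
    if e2["commit"] != c2 or e1["commit"] != c1:
        raise ValueError("escrow does not match commitment")
    recv_k1 = k1 if commit(k1) == c1 else None                       # P1 -> P2
    recv_k2 = k2 if (p2_responds and recv_k1 is not None) else None  # P2 -> P1

    if recv_k2 is None:  # P2 vanished after learning k1: P1 asks the Arbiter
        recv_k2 = arbiter.resolve("P1", k1, e1, e2)
    got_out1 = xor_lock(recv_k2, b"out1", p1_holds) if recv_k2 else None
    got_out2 = xor_lock(recv_k1, b"out2", p2_holds) if recv_k1 else None
    return got_out1 == out1, got_out2 == out2
```

In the honest run the Arbiter is never contacted (`arbiter.requests` stays 0); when P2 aborts after receiving k1, P1 resolves through the Arbiter and both sides end up with their outputs, which is the fairness guarantee the optimistic setting is after. A colluding Arbiter in this toy could hand k1 to P2 without releasing k2, i.e. break fairness, but it never sees inputs or the circuit, which is the separation the abstract states between fairness and covert/malicious security.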

Keywords

Secure two-party computation; Covert adversaries; Cut-and-choose; Garbled circuits; Fair secure computation; Optimistic fair exchange

Notes

Acknowledgements

We thank TÜBİTAK, the Scientific and Technological Research Council of Turkey, project 111E019, and European Union COST Action IC1306.

References

  1. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Fair two-party computations via bitcoin deposits. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 105–121. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44774-1_8
  2. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Secure multiparty computations on Bitcoin. In: IEEE Security and Privacy (2014)
  3. Asharov, G.: Towards characterizing complete fairness in secure two-party computation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 291–316. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54242-8_13
  4. Asharov, G., Orlandi, C.: Calling out cheaters: covert security with public verifiability. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 681–698. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34961-4_41
  5. Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE J. Sel. Areas Commun. 18, 591–610 (2000)
  6. Ateniese, G.: Efficient verifiable encryption (and fair exchange) of digital signatures. In: ACM CCS (1999)
  7. Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. J. Cryptol. 23, 281–343 (2010)
  8. Avoine, G., Vaudenay, S.: Optimistic fair exchange based on publicly verifiable secret sharing. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 74–85. Springer, Heidelberg (2004). doi:10.1007/978-3-540-27800-9_7
  9. Bao, F., Deng, R., Mao, W.: Efficient and practical fair exchange protocols with off-line TTP. In: IEEE Security and Privacy (1998)
  10. Beimel, A., Lindell, Y., Omri, E., Orlov, I.: 1/p-Secure multiparty computation without honest majority and the best of both worlds. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 277–296. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_16
  11. Beimel, A., Omri, E., Orlov, I.: Protocols for multiparty coin toss with dishonest majority. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 538–557. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14623-7_29
  12. Belenkiy, M., Chase, M., Erway, C., Jannotti, J., Küpçü, A., Lysyanskaya, A., Rachlin, E.: Making p2p accountable without losing privacy. In: WPES (2007)
  13. Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: ACM CCS (2012)
  14. Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Trans. Inf. Theory 36, 40–46 (1990)
  15. Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44381-1_24
  16. Boudot, F., Schoenmakers, B., Traoré, J.: A fair and efficient solution to the socialist millionaires’ problem. Discret. Appl. Math. 111(1–2), 23–36 (2001)
  17. Brandão, L.T.A.N.: Secure two-party computation with reusable bit-commitments, via a cut-and-choose with forge-and-lose technique. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 441–463. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42045-0_23
  18. Cachin, C., Camenisch, J.: Optimistic fair secure computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 93–111. Springer, Heidelberg (2000). doi:10.1007/3-540-44598-6_6
  19. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS (2001)
  20. Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC (1986)
  21. Dodis, Y., Lee, P.J., Yum, D.H.: Optimistic fair exchange in a multi-user setting. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 118–133. Springer, Heidelberg (2007). doi:10.1007/978-3-540-71677-8_9
  22. Dong, C., Chen, L., Camenisch, J., Russello, G.: Fair private set intersection with a semi-trusted arbiter. In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 128–144. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39256-6_9
  23. Frederiksen, T.K., Jakobsen, T.P., Nielsen, J.B., Nordholt, P.S., Orlandi, C.: MiniLEGO: efficient secure two-party computation from general assumptions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 537–556. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38348-9_32
  24. Gordon, S., Katz, J.: Partial fairness in secure two-party computation. J. Cryptol. 25(1), 14–40 (2012)
  25. Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. J. ACM 58, 24 (2011)
  26. Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 157–176. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13190-5_8
  27. Huang, Y., Katz, J., Evans, D.: Efficient secure two-party computation using symmetric cut-and-choose. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 18–35. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_2
  28. Katz, J.: On achieving the best of both worlds in secure multiparty computation. In: STOC (2007)
  29. Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36594-2_27
  30. Kiayias, A., Zhou, H.-S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. Cryptology ePrint Archive, Report 2015/574 (2015)
  31. Kılınç, H., Küpçü, A.: Efficiently making secure two-party computation fair. In: FC (2016)
  32. Kılınç, H., Küpçü, A.: Optimally efficient multi-party fair exchange and fair secure multi-party computation. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 330–349. Springer, Cham (2015). doi:10.1007/978-3-319-16715-2_18
  33. Kiraz, M.S., Schoenmakers, B.: An efficient protocol for fair secure two-party computation. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 88–105. Springer, Heidelberg (2008). doi:10.1007/978-3-540-79263-5_6
  34. Kiraz, M.S., Schoenmakers, B., Villegas, J.: Efficient committed oblivious transfer of bit strings. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 130–144. Springer, Heidelberg (2007). doi:10.1007/978-3-540-75496-1_9
  35. Kolesnikov, V., Mohassel, P., Rosulek, M.: FleXOR: flexible garbling for XOR gates that beats Free-XOR. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 440–457. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44381-1_25
  36. Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70583-3_40
  37. Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. Cryptology ePrint Archive, Report 2015/675 (2015)
  38. Küpçü, A.: Efficient cryptography for the next generation secure cloud. Ph.D. thesis, Brown University (2010)
  39. Küpçü, A.: Efficient Cryptography for the Next Generation Secure Cloud: Protocols, Proofs, and Implementation. Lambert Academic Publishing, Saarbrücken (2010)
  40. Küpçü, A.: Distributing trusted third parties. ACM SIGACT News Distrib. Comput. Column 44, 92–112 (2013)
  41. Küpçü, A., Lysyanskaya, A.: Optimistic fair exchange with multiple arbiters. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 488–507. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15497-3_30
  42. Küpçü, A., Lysyanskaya, A.: Usable optimistic fair exchange. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 252–267. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11925-5_18
  43. Küpçü, A., Lysyanskaya, A.: Usable optimistic fair exchange. Comput. Netw. 56, 50–63 (2012)
  44. Lindell, A.Y.: Legally-enforceable fairness in secure two-party computation. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 121–137. Springer, Heidelberg (2008). doi:10.1007/978-3-540-79263-5_8
  45. Lindell, Y.: Fast cut-and-choose based protocols for malicious and covert adversaries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 1–17. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_1
  46. Lindell, Y., Pinkas, B.: A proof of Yao’s protocol for secure two-party computation. In: ECCC (2004)
  47. Lindell, Y., Pinkas, B.: An efficient protocol for secure two-party computation in the presence of malicious adversaries. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 52–78. Springer, Heidelberg (2007). doi:10.1007/978-3-540-72540-4_4
  48. Lindell, Y., Pinkas, B.: Secure two-party computation via cut-and-choose oblivious transfer. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 329–346. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19571-6_20
  49. Micali, S.: Simple and fast optimistic protocols for fair electronic exchange. In: PODC (2003)
  50. Mohassel, P., Franklin, M.: Efficient polynomial operations in the shared-coefficients setting. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 44–57. Springer, Heidelberg (2006). doi:10.1007/11745853_4
  51. Mohassel, P., Franklin, M.: Efficiency tradeoffs for malicious two-party computation. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 458–473. Springer, Heidelberg (2006). doi:10.1007/11745853_30
  52. Mohassel, P., Riva, B.: Garbled circuits checking garbled circuits: more efficient and secure two-party computation. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 36–53. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40084-1_3
  53. Moran, T., Naor, M., Segev, G.: An optimally fair coin toss. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 1–18. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00457-5_1
  54. Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_40
  55. Pinkas, B.: Fair secure two-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 87–105. Springer, Heidelberg (2003). doi:10.1007/3-540-39200-9_6
  56. Rabin, M.O.: How to exchange secrets with oblivious transfer. IACR Cryptology ePrint Archive, Report 2005/187 (2005)
  57. Ruan, O., Chen, J., Zhou, J., Cui, Y., Zhang, M.: An efficient fair UC-secure protocol for two-party computation. Secur. Commun. Netw. 7, 1253–1263 (2013)
  58. Ruan, O., Zhou, J., Zheng, M., Cui, G.: Efficient fair secure two-party computation. In: IEEE APSCC (2012)
  59. Shelat, A., Shen, C.: Two-output secure computation with malicious adversaries. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 386–405. Springer, Heidelberg (2011). doi:10.1007/978-3-642-20465-4_22
  60. Shelat, A., Shen, C.-H.: Fast two-party secure computation with minimal assumptions. In: ACM CCS (2013)
  61. Yao, A.C.-C.: How to generate and exchange secrets. In: FOCS (1986)
  62. Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46803-6_8
  63. Küpçü, A., Mohassel, P.: Fast optimistically fair cut-and-choose 2PC. Cryptology ePrint Archive, Report 2015/1209 (2015)

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  1. Koç University, İstanbul, Turkey
  2. Yahoo Labs, Sunnyvale, USA
