Skip to main content

Efficient Fair Multiparty Protocols Using Blockchain and Trusted Hardware

  • Conference paper
  • First Online:
Progress in Cryptology – LATINCRYPT 2019 (LATINCRYPT 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11774))


In ACM CCS’17, Choudhuri et al. designed two fair public-ledger-based multi-party protocols (in the malicious model with dishonest majority) for computing an arbitrary function f. One of their protocols is based on a trusted hardware enclave \(\mathcal {G}\) (which can be implemented using Intel SGX-hardware) and a public ledger (which can be implemented using a blockchain platform, such as Ethereum). Subsequently, in NDSS’19, a stateless version of the protocol was published. This is the first time, (a certain definition of) fairness – that guarantees either all parties learn the final output or nobody does – is achieved without any monetary or computational penalties. However, these protocols are fair, if the underlying core MPC component guarantees both privacy and correctness. While privacy is easy to achieve (using a secret sharing scheme), correctness requires expensive operations (such as ZK proofs and commitment schemes). We improve on this work in three different directions: attack, design and performance.

Our first major contribution is building practical attacks that demonstrate: if correctness is not satisfied then the fairness property of the aforementioned protocols collapse. Next, we design two new protocols – stateful and stateless – based on public ledger and trusted hardware that are: resistant against the aforementioned attacks, and made several orders of magnitude more efficient (related to both time and memory) than the existing ones by eliminating ZK proofs and commitment schemes in the design.

Last but not the least, we implemented the core MPC part of our protocols using the SPDZ-2 framework to demonstrate the feasibility of its practical implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. 1.

    See [6] and [7] for description of monetary and computational (a.k.a. \(\varDelta \)-fairness) penalties.

  2. 2.

    \(\mathcal {G}\) is implemented using Intel SGX hardware.

  3. 3.

    If \(P_1\) posts an incorrect ciphertext to BB then he himself gets a wrong tag from BB, preventing him from obtaining the f from \(\mathcal {G}\).

  4. 4.

    The auxiliary input is derived by the adversary (as well as the simulator) from the previous executions of the protocol.

  5. 5.

    Another way of designing \(\pi \) is by using SPDZ directly [11].

  6. 6.

    Note that none of the parties know the key K; \(P_i\) knows only \(k_i\).


  1. Certificate transparency. Accessed 25 Feb 2019

  2. SPDZ, MASCOT, and Overdrive offline phases Github (2017).

  3. Obscuro. Github (2017).

  4. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Fair two-party computations via bitcoin deposits. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 105–121. Springer, Heidelberg (2014).

    Chapter  Google Scholar 

  5. Bahmani, R., et al.: Secure multiparty computation from SGX. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 477–497. Springer, Cham (2017).

    Chapter  Google Scholar 

  6. Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014).

    Chapter  Google Scholar 

  7. Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000).

    Chapter  Google Scholar 

  8. Choudhuri, A.R., Green, M., Jain, A., Kaptchuk, G., Miers, I.: Fairness in an unfair world: fair multiparty computation from public bulletin boards. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 719–728. ACM (2017)

    Google Scholar 

  9. Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing, pp. 364–369. ACM (1986)

    Google Scholar 

  10. Costan, V., Devadas, S.: Intel SGX explained. In: IACR Cryptology ePrint Archive, vol. 2016, no. 086, pp. 1–118 (2016)

    Google Scholar 

  11. Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., Smart, N.P.: Practical covertly secure MPC for dishonest majority – Or: breaking the SPDZ limits. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 1–18. Springer, Heidelberg (2013).

    Chapter  Google Scholar 

  12. Du, W., Atallah, M.J.: Secure multi-party computation problems and their applications: a review and open problems. In: Proceedings of the 2001 Workshop on New Security Paradigms, pp. 13–22. ACM (2001)

    Google Scholar 

  13. Goldreich, O.: Foundations of Cryptography: Basic Tools, vol. 1. Cambridge University Press, Cambridge (2007)

    MATH  Google Scholar 

  14. Goldreich, O.: Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, Cambridge (2009)

    MATH  Google Scholar 

  15. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM (1987)

    Google Scholar 

  16. Kaptchuk, G., Green, M., Miers, I.: Giving state to the stateless: augmenting trustworthy computation with ledgers. In: 26th Annual Network and Distributed System Security Symposium, NDSS (2019)

    Google Scholar 

  17. Kiayias, A., Zhou, H.-S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 705–734. Springer, Heidelberg (2016).

    Chapter  Google Scholar 

  18. Kumaresan, R., Moran, T., Bentov, I.: How to use bitcoin to play decentralized poker. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 195–206. ACM (2015)

    Google Scholar 

  19. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1(2012), 28 (2008)

    Google Scholar 

  20. Rogaway, P., Bellare, M., Black, J.: OCB: a block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. (TISSEC) 6, 365–403 (2003)

    Article  Google Scholar 

  21. Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)

    Article  MathSciNet  Google Scholar 

  22. Yao, A.C.-C.: Protocols for secure computations. In: FOCS, pp. 160–164. IEEE (1982)

    Google Scholar 

Download references


Second author is supported by a research fellowship generously provided by Tata Consultancy Services (TCS). We thank the anonymous reviewers for their constructive comments.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Ananya Shrivastava .

Editor information

Editors and Affiliations

A Program prog and \(\textsf {prog}'\) for \(\mathcal {G}\)

A Program prog and \(\textsf {prog}'\) for \(\mathcal {G}\)

The algorithmic description of prog and \(\textsf {prog}'\) is given in Fig. 6.

Fig. 6.
figure 6

Algorithmic descriptions of \(\textsf {prog}\) and \(\textsf {prog}'\). We get \(\textsf {prog}'\) by removing the boxed statements of \(\textsf {prog}\). Here, \(j=1\,-\,i\). It is parameterized by: a cut-off time \(\varDelta t\), the verification key \(\textsf {vk}_{\textsf {BB}}\) of Bulletin Board, a set of parties \(\mathcal {P}=\{P_0, P_1\}\), and the party index i. It uses the following primitives: commitment Com, the authenticated encryption scheme AE, a one-way function OWF, and the Bulletin Board BB (see Sect. 3 for more details). Here, the state variables are marked , and the variables that are not stored locally are marked . (Color figure online)

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Paul, S., Shrivastava, A. (2019). Efficient Fair Multiparty Protocols Using Blockchain and Trusted Hardware. In: Schwabe, P., Thériault, N. (eds) Progress in Cryptology – LATINCRYPT 2019. LATINCRYPT 2019. Lecture Notes in Computer Science(), vol 11774. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-30529-1

  • Online ISBN: 978-3-030-30530-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics