DOI: 10.1007/11681878_21

Resource fairness and composability of cryptographic protocols

Published: 04 March 2006

Abstract

We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to similar previously proposed definitions, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort.
In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate an arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed.
Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.
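The resource accounting behind the abstract's fairness notion is easiest to see on the primitive the paper builds on, a timed commitment of the Boneh-Naor kind (reference [11]): the committer, who knows the factorization of N, opens in constant time, while a receiver left hanging by an abort can still recover the value at a known, sequential cost of t modular squarings. The following Python is an added illustration of that cost asymmetry and is not code from the paper; it does not implement the paper's "time-lines" variant or its commit-prove-fair-open functionality, and it omits the zero-knowledge proof that the puzzle is well formed (the "prove" step). The modulus, the hash-based mask and the secret are constructed for the example.

```python
import hashlib
import math
import secrets

# Constructed toy modulus. A deployment would use a large RSA modulus whose
# factorization is known only to the committer; these primes offer no
# security and exist only so the example runs instantly.
P, Q = 1_000_003, 1_000_033
N = P * Q
PHI = (P - 1) * (Q - 1)
N_BYTES = (N.bit_length() + 7) // 8


def _mask(x: int, length: int) -> bytes:
    """Derive a one-time pad of `length` bytes from the puzzle solution x."""
    digest = hashlib.sha256(x.to_bytes(N_BYTES, "big")).digest()
    return digest[:length]


def commit(value: bytes, t: int) -> tuple[dict, int]:
    """Committer side: hide `value` behind x = g^(2^t) mod N.

    Knowing phi(N), the committer gets x from two modular exponentiations.
    Without phi(N) the only known route to x is t sequential squarings.
    Returns the public commitment and the private opening value x.
    """
    if len(value) > 32:
        raise ValueError("toy pad is at most 32 bytes")
    while True:
        g = secrets.randbelow(N - 2) + 2
        if math.gcd(g, N) == 1:
            break
    e = pow(2, t, PHI)          # trapdoor shortcut: reduce 2^t modulo phi(N)
    x = pow(g, e, N)            # equals g^(2^t) mod N because gcd(g, N) = 1
    mask = _mask(x, len(value))
    c = bytes(a ^ b for a, b in zip(value, mask))
    return {"c": c, "g": g, "t": t}, x


def open_with_trapdoor(commitment: dict, x: int) -> bytes:
    """Honest opening: the committer sends x and the receiver unmasks at once."""
    mask = _mask(x, len(commitment["c"]))
    return bytes(a ^ b for a, b in zip(commitment["c"], mask))


def force_open(commitment: dict) -> tuple[bytes, int]:
    """Receiver side after an abort: recompute x by t sequential squarings.

    Returns the recovered value and the number of squarings spent, i.e. the
    resource the receiver had to invest because the committer walked away.
    """
    x = commitment["g"]
    squarings = 0
    for _ in range(commitment["t"]):
        x = x * x % N
        squarings += 1
    return open_with_trapdoor(commitment, x), squarings


def demo() -> dict:
    """Run both opening paths on a constructed secret and report the costs."""
    secret = b"meeting at noon"   # constructed sample value
    t = 5_000
    commitment, x = commit(secret, t)
    honest = open_with_trapdoor(commitment, x)
    forced, cost = force_open(commitment)
    return {"honest": honest, "forced": forced, "forced_cost": cost, "t": t}


if __name__ == "__main__":
    print(demo())
```

The parameter t is what a resource-fair protocol would account for: whichever party learns the output first, the others can reach it by paying t squarings, and that bound is fixed at commitment time rather than left to the aborting party. In the real scheme the receiver also checks, via the omitted proof, that g and t really describe the puzzle before relying on this guarantee.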

References

[1] L. Adleman and K. Kompella. Using smoothness to achieve parallelism. In 20th STOC, pp. 528-538, 1988.
[2] N. Asokan, V. Shoup, and M. Waidner. Optimistic Fair Exchange of Digital Signatures (Extended Abstract). In EUROCRYPT 1998, pp. 591-606, 1998.
[3] M. Backes, B. Pfitzmann, and M. Waidner. A general composition theorem for secure reactive systems. In 1st Theory of Cryptography Conference (TCC), LNCS 2951, pp. 336-354, 2004.
[4] D. Beaver and S. Goldwasser. Multiparty Computation with Faulty Majority. In 30th FOCS, pp. 503-513, 1990.
[5] J. Benaloh and M. de Mare. One-Way Accumulators: A Decentralized Alternative to Digital Signatures. In EUROCRYPT 1993, LNCS 765, pp. 274-285, 1994.
[6] M. Ben-Or, O. Goldreich, S. Micali, and R. Rivest. A Fair Protocol for Signing Contracts. IEEE Transactions on Information Theory, 36(1):40-46, 1990.
[7] M. Ben-Or, S. Goldwasser, and A. Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In 20th STOC, pp. 1-10, 1988.
[8] M. Blum. How to exchange (secret) keys. ACM Transactions on Computer Systems, 1(2):175-193, May 1983.
[9] L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364-383, May 1986.
[10] D. Boneh. The decision Diffie-Hellman problem. In Proceedings of the Third Algorithmic Number Theory Symposium, LNCS 1423, pp. 48-63, 1998.
[11] D. Boneh and M. Naor. Timed commitments (extended abstract). In Advances in Cryptology - CRYPTO '00, LNCS 1880, pp. 236-254, Springer-Verlag, 2000.
[12] C. Cachin and J. Camenisch. Optimistic Fair Secure Computation. In Advances in Cryptology - CRYPTO '00, LNCS 1880, pp. 93-111, Springer-Verlag, 2000.
[13] R. Canetti. Security and Composition of Multiparty Cryptographic Protocols. Journal of Cryptology, 13(1):143-202, Winter 2000.
[14] R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. Electronic Colloquium on Computational Complexity (ECCC), TR01-016, 2001. Previous version "A unified framework for analyzing security of protocols" available at the ECCC archive, TR01-016. Extended abstract in FOCS 2001.
[15] R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067, 2005. Revised version of [14].
[16] R. Canetti and M. Fischlin. Universally composable commitments. In CRYPTO 2001, LNCS 2139, pp. 19-40, 2001.
[17] R. Canetti, Y. Lindell, R. Ostrovsky, and A. Sahai. Universally Composable Two-party and Multi-party Secure Computation. In 34th STOC, 2002.
[18] D. Chaum, C. Crépeau, and I. Damgård. Multiparty unconditionally secure protocols. In 20th STOC, pp. 11-19, 1988.
[19] R. Cleve. Limits on the security of coin flips when half the processors are faulty. In 18th STOC, pp. 364-369, 1986.
[20] R. Cramer. Modular Design of Secure yet Practical Cryptographic Protocols. Ph.D. Thesis, CWI and University of Amsterdam, 1997.
[21] R. Cramer, I. Damgård, and J. Nielsen. Multiparty Computation from Threshold Homomorphic Encryption. In Advances in Cryptology - EUROCRYPT 2001, LNCS 2045, pp. 280-300, Springer-Verlag, 2001.
[22] R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Advances in Cryptology - CRYPTO '94, LNCS 839, pp. 174-187, 1994.
[23] I. Damgård. Practical and Provably Secure Release of a Secret and Exchange of Signatures. Journal of Cryptology, 8(4):201-222, 1995.
[24] I. Damgård and M. Jurik. Efficient protocols based on probabilistic encryptions using composite degree residue classes. Research Series RS-00-5, BRICS, Department of Computer Science, University of Aarhus, 2000.
[25] I. Damgård and J. Nielsen. Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption. In Advances in Cryptology - CRYPTO '03, 2003.
[26] D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. SIAM Journal on Computing, 30(2):391-437, 2000. An earlier version appeared in 23rd STOC, pp. 542-552, 1991.
[27] S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. Communications of the ACM, 28(6):637-647, June 1985.
[28] M. Fitzi, D. Gottesman, M. Hirt, T. Holenstein, and A. Smith. Detectable Byzantine Agreement Tolerating Faulty Majorities (from scratch). In 21st PODC, pp. 118-126, 2002.
[29] P. Fouque, G. Poupard, and J. Stern. Sharing decryption in the context of voting or lotteries. In Proceedings of Financial Cryptography 2000, 2000.
[30] Z. Galil, S. Haber, and M. Yung. Cryptographic Computation: Secure Fault-tolerant Protocols and the Public-Key Model. In CRYPTO '87, pp. 135-155, 1988.
[31] J. Garay and M. Jakobsson. Timed Release of Standard Digital Signatures. In Financial Cryptography 2002, LNCS 2357, pp. 168-182, Springer-Verlag, 2002.
[32] J. Garay, P. MacKenzie, M. Prabhakaran, and K. Yang. Resource Fairness and Composability of Cryptographic Protocols. Cryptology ePrint Archive, http://eprint.iacr.org/2005/370.
[33] J. Garay, P. MacKenzie, and K. Yang. Strengthening Zero-Knowledge Protocols using Signatures. In Advances in Cryptology - EUROCRYPT 2003, LNCS 2656, pp. 177-194, 2003. Full version in Cryptology ePrint Archive, http://eprint.iacr.org/2003/037, 2003. To appear in Journal of Cryptology.
[34] J. Garay, P. MacKenzie, and K. Yang. Efficient and Universally Composable Committed Oblivious Transfer and Applications. In 1st Theory of Cryptography Conference (TCC), LNCS 2951, pp. 297-316, 2004.
[35] J. Garay, P. MacKenzie, and K. Yang. Efficient and Secure Multi-Party Computation with Faulty Majority and Complete Fairness. Cryptology ePrint Archive, http://eprint.iacr.org/2004/019.
[36] J. Garay and C. Pomerance. Timed Fair Exchange of Standard Signatures. In Financial Cryptography 2003, LNCS 2742, pp. 190-207, Springer-Verlag, 2003.
[37] O. Goldreich. Secure Multi-Party Computation (Working Draft, Version 1.2), March 2000. Available from http://www.wisdom.weizmann.ac.il/~oded/pp.html.
[38] O. Goldreich, S. Micali, and A. Wigderson. How to Play any Mental Game - A Completeness Theorem for Protocols with Honest Majority. In 19th STOC, pp. 218-229, 1987.
[39] S. Goldwasser and L. Levin. Fair computation of general functions in presence of immoral majority. In CRYPTO '90, pp. 77-93, Springer-Verlag, 1991.
[40] S. Goldwasser and Y. Lindell. Secure Computation Without Agreement. Journal of Cryptology, 18(3):247-287, 2005.
[41] D. Hofheinz and J. Müller-Quade. A Synchronous Model for Multi-Party Computation and Incompleteness of Oblivious Transfer. Cryptology ePrint Archive, http://eprint.iacr.org/2004/016, 2004.
[42] M. Lepinski, S. Micali, C. Peikert, and A. Shelat. Completely fair SFE and coalition-safe cheap talk. In 23rd PODC, pp. 1-10, 2004.
[43] Y. Lindell. General Composition and Universal Composability in Secure Multi-Party Computation. In FOCS 2003.
[44] P. MacKenzie and K. Yang. On Simulation Sound Trapdoor Commitments. In Advances in Cryptology - EUROCRYPT '04, pp. 382-400, 2004.
[45] J. B. Nielsen. On Protocol Security in the Cryptographic Model. Ph.D. Thesis, Aarhus University, 2003.
[46] P. Paillier. Public-key cryptosystems based on composite degree residue classes. In Advances in Cryptology - EUROCRYPT '99, pp. 223-238, 1999.
[47] T. P. Pedersen. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In Advances in Cryptology - CRYPTO '91, LNCS 576, pp. 129-140, Springer-Verlag, 1991.
[48] B. Pfitzmann and M. Waidner. Composition and Integrity Preservation of Secure Reactive Systems. In ACM Conference on Computer and Communications Security (CCS), pp. 245-254, 2000.
[49] B. Pinkas. Fair Secure Two-Party Computation. In EUROCRYPT 2003, pp. 87-105, 2003.
[50] M. Prabhakaran and A. Sahai. New notions of security: Achieving universal composability without trusted setup. Cryptology ePrint Archive, Report 2004/139. Extended abstract in 36th STOC, pp. 242-251, 2004.
[51] T. Rabin and M. Ben-Or. Verifiable Secret Sharing and Multiparty Protocols with Honest Majority. In 21st STOC, pp. 73-85, 1989.
[52] V. Shoup. A Computational Introduction to Number Theory and Algebra. Preliminary book, available at http://shoup.net/ntb/.
[53] J. Sorenson. A Sublinear-Time Parallel Algorithm for Integer Modular Exponentiation. Available from http://citeseer.nj.nec.com/sorenson99sublineartime.html.
[54] A. Yao. Protocols for Secure Computation. In FOCS 1982, pp. 160-164, 1982.
[55] A. Yao. How to generate and exchange secrets. In FOCS 1986, pp. 162-167, 1986.

Published In

TCC'06: Proceedings of the Third Conference on Theory of Cryptography, March 2006, 616 pages. ISBN 3540327312. Editors: Shai Halevi, Tal Rabin. Publisher: Springer-Verlag, Berlin, Heidelberg.