DOI: 10.1007/978-3-030-84245-1_2
Article

Computational Hardness of Optimal Fair Computation: Beyond Minicrypt

Published: 16 August 2021

Abstract

Secure multi-party computation allows mutually distrusting parties to compute securely over their private data. However, guaranteeing output delivery to honest parties when the adversarial parties may abort the protocol has been a challenging objective. As a representative task, this work considers two-party coin-tossing protocols with guaranteed output delivery, a.k.a., fair coin-tossing.
In the information-theoretic plain model, as in two-party zero-sum games, one of the parties can force an output with certainty. In the commitment-hybrid, any r-message coin-tossing protocol is 1/√r-unfair, i.e., the adversary can change the honest party’s output distribution by 1/√r in the statistical distance. Moran, Naor, and Segev (TCC–2009) constructed the first 1/r-unfair protocol in the oblivious transfer-hybrid. No further security improvement is possible because Cleve (STOC–1986) proved that 1/r-unfairness is unavoidable. Therefore, Moran, Naor, and Segev’s coin-tossing protocol is optimal. However, is oblivious transfer necessary for optimal fair coin-tossing?
Maji and Wang (CRYPTO–2020) proved that any coin-tossing protocol using one-way functions in a black-box manner is at least 1/√r-unfair. That is, optimal fair coin-tossing is impossible in Minicrypt. Our work focuses on tightly characterizing the hardness of computation assumption necessary and sufficient for optimal fair coin-tossing within Cryptomania, outside Minicrypt. Haitner, Makriyannis, Nissim, Omri, Shaltiel, and Silbak (FOCS–2018 and TCC–2018) proved that better than 1/√r-unfairness, for any constant r, implies the existence of a key-agreement protocol.
We prove that any coin-tossing protocol using public-key encryption (or, multi-round key agreement protocols) in a black-box manner must be 1/√r-unfair. Next, our work entirely characterizes the additional power of secure function evaluation functionalities for optimal fair coin-tossing. We augment the model with an idealized secure function evaluation of f, a.k.a., the f-hybrid. If f is complete, that is, oblivious transfer is possible in the f-hybrid, then optimal fair coin-tossing is also possible in the f-hybrid. On the other hand, if f is not complete, then a coin-tossing protocol using public-key encryption in a black-box manner in the f-hybrid is at least 1/√r-unfair.

References

[1]
Agrawal, S., Prabhakaran, M.: On fair exchange, fair coins and fair sampling. In: Canetti, R., Garay, J.A. (eds.) Advances in Cryptology – CRYPTO 2013, pp. 259–276. Springer, Heidelberg (2013)
[2]
Alon, B., Omri, E.: Almost-optimally fair multiparty coin-tossing with nearly three-quarters malicious. In: Hirt, M., Smith, A. (eds.) Theory of Cryptography, pp. 307–335. Springer, Heidelberg (2016)
[3]
Asharov, G.: Towards characterizing complete fairness in secure two-party computation. In: Lindell, Y. (ed.) Theory of Cryptography, pp. 291–316. Springer, Heidelberg (2014)
[4]
Asharov, G., Beimel, A., Makriyannis, N., Omri, E.: Complete characterization of fairness in secure two-party computation of boolean functions. In: Dodis, Y., Nielsen, J.B. (eds.) Theory of Cryptography, pp. 199–228. Springer, Heidelberg (2015)
[5]
Asharov, G., Lindell, Y., Rabin, T.: A full characterization of functions that imply fair coin tossing and ramifications to fairness. In: Sahai, A. (ed.) Theory of Cryptography, pp. 243–262. Springer, Heidelberg (2013)
[6]
Awerbuch, B., Blum, M., Chor, B., Goldwasser, S., Micali, S.: How to implement Bracha’s O(log n) byzantine agreement algorithm (1985)
[7]
Baecher, P., Brzuska, C., Fischlin, M.: Notions of black-box reductions, revisited. In: Sako, K., Sarkar, P. (eds.) Advances in Cryptology - ASIACRYPT 2013, pp. 296–315. Springer, Heidelberg (2013)
[8]
Barak, B., Mahmoody-Ghidary, M.: Merkle puzzles are optimal — an O(n²)-query attack on any key exchange from a random oracle. In: Halevi, S. (ed.) Advances in Cryptology - CRYPTO 2009, pp. 374–390. Springer, Heidelberg (2009)
[9]
Beaver, D.: Perfect privacy for two-party protocols. In: DIMACS (1989)
[10]
Beimel, A., Lindell, Y., Omri, E., Orlov, I.: 1/p-secure multiparty computation without honest majority and the best of both worlds. In: Rogaway, P. (ed.) Advances in Cryptology – CRYPTO 2011, pp. 277–296. Springer, Heidelberg (2011)
[11]
Beimel, A., Omri, E., Orlov, I.: Protocols for multiparty coin toss with dishonest majority. In: Rabin, T. (ed.) Advances in Cryptology – CRYPTO 2010, pp. 538–557. Springer, Heidelberg (2010)
[12]
Blum, M.: Coin flipping by telephone - a protocol for solving impossible problems (1982)
[13]
Broder, A.Z., Dolev, D.: Flipping coins in many pockets (byzantine agreement on uniformly random values). In: 25th FOCS, pp. 157–170. IEEE Computer Society Press, October 1984
[14]
Buchbinder, N., Haitner, I., Levi, N., Tsfadia, E.: Fair coin flipping: tighter analysis and the many-party case. In: Klein, P.N. (ed.) 28th SODA, pp. 2580–2600. ACM-SIAM, January 2017
[15]
Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
[16]
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001
[17]
Canetti, R., Kushilevitz, E., Lindell, Y.: On the limitations of universally composable two-party computation without set-up assumptions. In: Biham, E. (ed.) Advances in Cryptology — EUROCRYPT 2003, pp. 68–86. Springer, Heidelberg (2003)
[18]
Chor, B., Kushilevitz, E.: A zero-one law for Boolean privacy (extended abstract). In: 21st ACM STOC, pp. 62–72. ACM Press, May 1989
[19]
Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: 18th ACM STOC, pp. 364–369. ACM Press, May 1986
[20]
Cleve, R., Impagliazzo, R.: Martingales, collective coin flipping and discrete control processes (extended abstract) (1993)
[21]
Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the black-box complexity of optimally-fair coin tossing. In: Ishai, Y. (ed.) Theory of Cryptography, pp. 450–467. Springer, Heidelberg (2011)
[22]
Dachman-Soled, D., Mahmoody, M., Malkin, T.: Can optimally-fair coin tossing be based on one-way functions? In: Lindell, Y. (ed.) Theory of Cryptography, pp. 217–239. Springer, Heidelberg (2014)
[23]
Data, D., Prabhakaran, M.: Towards characterizing securely computable two-party randomized functions. In: Abdalla, M., Dahab, R. (eds.) Public-Key Cryptography – PKC 2018, pp. 675–697. Springer, Cham (2018)
[24]
Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO 1982, pp. 205–210. Plenum Press, New York (1982)
[25]
Gennaro, R., Gertner, Y., Katz, J.: Lower bounds on the efficiency of encryption and digital signature schemes. In: 35th ACM STOC, pp. 417–425. ACM Press, June 2003
[26]
Gennaro, R., Trevisan, L.: Lower bounds on the efficiency of generic cryptographic constructions. In: 41st FOCS, pp. 305–313. IEEE Computer Society Press, November 2000
[27]
Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: 41st FOCS, pp. 325–335. IEEE Computer Society Press, November 2000
[28]
Gertner, Y., Malkin, T., Reingold, O.: On the impossibility of basing trapdoor functions on trapdoor predicates. In: 42nd FOCS, pp. 126–135. IEEE Computer Society Press, October 2001
[29]
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions (extended abstract). In: 25th FOCS, pp. 464–479. IEEE Computer Society Press, October 1984
[30]
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
[31]
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press, May 1987
[32]
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991)
[33]
Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 413–422. ACM Press, May 2008
[34]
Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) Advances in Cryptology – EUROCRYPT 2010, pp. 157–176. Springer, Heidelberg (2010)
[35]
Haitner, I., Makriyannis, N., Omri, E.: On the complexity of fair coin flipping. In: Beimel, A., Dziembowski, S. (eds.) Theory of Cryptography, pp. 539–562. Springer, Cham (2018)
[36]
Haitner, I., Nissim, K., Omri, E., Shaltiel, R., Silbak, J.: Computational two-party correlation: a dichotomy for key-agreement protocols. In: Thorup, M. (ed.) 59th FOCS, pp. 136–147. IEEE Computer Society Press, October 2018
[37]
Haitner, I., Omri, E.: Coin flipping with constant bias implies one-way functions. In: Ostrovsky, R. (ed.) 52nd FOCS, pp. 110–119. IEEE Computer Society Press, October 2011
[38]
Haitner, I., Reingold, O.: Statistically-hiding commitment from any one-way function. In: Johnson, D.S., Feige, U. (eds.) 39th ACM STOC, pp. 1–10. ACM Press, June 2007
[39]
Haitner, I., Tsfadia, E.: An almost-optimally fair three-party coin-flipping protocol. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 408–416. ACM Press, May/June 2014
[40]
Håstad, J.: Pseudo-random generators under uniform assumptions. In: 22nd ACM STOC, pp. 395–404. ACM Press, May 1990
[41]
Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
[42]
Impagliazzo, R.: A personal view of average-case complexity. In: Proceedings of the Tenth Annual Structure in Complexity Theory Conference (1995)
[43]
Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions (extended abstracts). In: 21st ACM STOC, pp. 12–24. ACM Press, May 1989
[44]
Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: 21st ACM STOC, pp. 44–61. ACM Press, May 1989
[45]
Khorasgani, H.A., Maji, H.K., Wang, M.: Coin tossing with lazy defense: hardness of computation results. Cryptology ePrint Archive, Report 2020/131 (2020). https://eprint.iacr.org/2020/131
[46]
Kilian, J.: A general completeness theorem for two-party games. In: 23rd ACM STOC, pp. 553–560. ACM Press, May 1991
[47]
Kilian, J.: More general completeness theorems for secure two-party computation. In: 32nd ACM STOC, pp. 316–324. ACM Press, May 2000
[48]
Kreitz, G.: A zero-one law for secure multi-party computation with ternary outputs. In: Ishai, Y. (ed.) Theory of Cryptography, pp. 382–399. Springer, Heidelberg (2011)
[49]
Künzler, R., Müller-Quade, J., Raub, D.: Secure computability of functions in the IT setting with dishonest majority and applications to long-term security. In: Reingold, O. (ed.) Theory of Cryptography, pp. 238–255. Springer, Heidelberg (2009)
[50]
Kushilevitz, E.: Privacy and communication complexity. In: 30th FOCS, pp. 416–421. IEEE Computer Society Press, October/November 1989
[51]
Kushilevitz, E., Nisan, N.: Communication complexity (1997)
[52]
Lindell, Y.: Lower bounds for concurrent self composition. In: Naor, M. (ed.) Theory of Cryptography, pp. 203–222. Springer, Heidelberg (2004)
[53]
Lindell, Y.: How to simulate it - a tutorial on the simulation proof technique. Tutor. Found. Cryptogr. 277–346 (2017)
[54]
Lindell, Y., Omri, E., Zarosim, H.: Completeness for symmetric two-party functionalities - revisited. In: Wang, X., Sako, K. (eds.) Advances in Cryptology – ASIACRYPT 2012, pp. 116–133. Springer, Heidelberg (2012)
[55]
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)
[56]
Mahmoody, M., Maji, H.K., Prabhakaran, M.: On the power of public-key encryption in secure computation. In: Lindell, Y. (ed.) TCC 2014, pp. 240–264. Springer, Heidelberg (2014)
[57]
Maji, H.K., Prabhakaran, M., Rosulek, M.: Complexity of multi-party computation problems: the case of 2-party symmetric secure function evaluation. In: Reingold, O. (ed.) Theory of Cryptography, pp. 256–273. Springer, Heidelberg (2009)
[58]
Maji, H.K., Prabhakaran, M., Rosulek, M.: A zero-one law for cryptographic complexity with respect to computational UC security. In: Rabin, T. (ed.) Advances in Cryptology – CRYPTO 2010, pp. 595–612. Springer, Heidelberg (2010)
[59]
Maji, H.K., Wang, M.: Black-box use of one-way functions is useless for optimal fair coin-tossing. In: Micciancio, D., Ristenpart, T. (eds.) Advances in Cryptology – CRYPTO 2020, pp. 593–617. Springer, Cham (2020)
[60]
Makriyannis, N.: On the classification of finite boolean functions up to fairness. In: Abdalla, M., De Prisco, R. (eds.) Security and Cryptography for Networks, pp. 135–154. Springer, Cham (2014)
[61]
Moran, T., Naor, M., Segev, G.: An optimally fair coin toss. In: Reingold, O. (ed.) Theory of Cryptography, pp. 1–18. Springer, Heidelberg (2009)
[62]
Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991)
[63]
Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. J. Cryptol. 11(2), 87–108 (1998)
[64]
Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: 21st ACM STOC, pp. 33–43. ACM Press, May 1989
[65]
Papadimitriou, C.H.: Games against nature (extended abstract). In: 24th FOCS, pp. 446–450. IEEE Computer Society Press, November 1983
[66]
Prabhakaran, M., Rosulek, M.: Cryptographic complexity of multi-party computation problems: classifications and separations. In: Wagner, D. (ed.) Advances in Cryptology – CRYPTO 2008, pp. 262–279. Springer, Heidelberg (2008)
[67]
Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Memo TR-81 (1981)
[68]
Rabin, M.O.: How to exchange secrets with oblivious transfer. Cryptology ePrint Archive, Report 2005/187 (2005). http://eprint.iacr.org/2005/187
[69]
Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) Theory of Cryptography, pp. 1–20. Springer, Heidelberg (2004)
[70]
Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: 22nd ACM STOC, pp. 387–394. ACM Press, May 1990
[71]
Rosulek, M., Shirley, M.: On the structure of unconditional UC hybrid protocols. In: Beimel, A., Dziembowski, S. (eds.) Theory of Cryptography, pp. 98–126. Springer, Cham (2018)
[72]
Rudich, S.: The use of interaction in public cryptosystems (extended abstract). In: Feigenbaum, J. (ed.) Advances in Cryptology — CRYPTO ’91, pp. 242–251. Springer, Heidelberg (1992)
[73]
Schilling, R.L.: Measures, integrals and martingales (2017)
[74]
Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) Advances in Cryptology — EUROCRYPT’98, pp. 334–345. Springer, Heidelberg (1998)
[75]
Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd FOCS, pp. 160–164. IEEE Computer Society Press, November 1982

Published In

Advances in Cryptology – CRYPTO 2021: 41st Annual International Cryptology Conference, CRYPTO 2021, Virtual Event, August 16–20, 2021, Proceedings, Part II
Aug 2021
833 pages
ISBN: 978-3-030-84244-4
DOI: 10.1007/978-3-030-84245-1
Editors: Tal Malkin, Chris Peikert

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Fair computation
  2. Optimal fair coin-tossing
  3. Cryptomania
  4. Black-box separation
  5. Hardness of computation results
  6. Secure function evaluation functionalities
