Resource Fairness and Composability of Cryptographic Protocols

We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our...

Full description

Saved in:
Bibliographic Details
Published in:Journal of cryptology 2011-10, Vol.24 (4), p.615-658
Main Authors: Garay, Juan A., MacKenzie, Philip, Prabhakaran, Manoj, Yang, Ke
Format: Article
Language:English
Subjects:
Applied sciences
Coding and Information Theory
Combinatorics
Communications Engineering
Computation
Computational Mathematics and Numerical Analysis
Computer Science
Computer simulation
Cryptography
Exact sciences and technology
Information, signal and communications theory
Networks
Operation, maintenance, reliability of teleprocessing networks
Probability Theory and Stochastic Processes
Security
Signal and communications theory
Telecommunications
Telecommunications and information theory
Teleprocessing networks. Isdn
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.
ISSN:0933-2790
1432-1378
DOI:10.1007/s00145-010-9080-z