Improvements to Secure Computation with Penalties

Kumaresan, Ranjit; Vaikuntanathan, Vinod; Vasudevan, Prashant Nalini

Author(s)

Kumaresan, Ranjit K.; Vaikuntanathan, Vinod; Vasudevan, Prashant

DownloadVaikuntanathan_Improvements to.pdf (341.5Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that tolerate an arbitrary number of corruptions. In this work, we improve the efficiency of protocols for secure computation with penalties in a hybrid model where parties have access to the “claim-or-refund” transaction functionality. Our first improvement is for the ladder protocol of Bentov and Kumaresan (Crypto 2014) where we improve the dependence of the script complexity of the protocol (which corresponds to miner verification load and also space on the blockchain) on the number of parties from quadratic to linear (and in particular, is completely independent of the underlying function). Our second improvement is for the see-saw protocol of Kumaresan et al. (CCS 2015) where we reduce the total number of claim-or-refund transactions and also the script complexity from quadratic to linear in the number of parties. We also present a ‘dual-mode’ protocol that offers different guarantees depending on the number of corrupt parties: (1) when s < n/2 parties are corrupt, this protocol guarantees fairness (i.e., either all parties get the output or none do), and (2) when t > n/2 parties are corrupt, this protocol guarantees fairness with penalties (i.e., if the adversary gets the output, then either the honest parties get output as well or they get compensation via penalizing the adversary). The above protocol works as long as t+s < n, matching the bound obtained for secure computation protocols in the standard model (i.e., replacing “fairness with penalties” with “securitywith-abort” (full security except fairness)) by Ishai et al. (SICOMP 2011). Keywords: Bitcoin, secure computation, fairness.

Date issued

2016-10

URI

http://hdl.handle.net/1721.1/112961

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16

Publisher

Association for Computing Machinery

Citation

Kumaresan, Ranjit, Vinod Vaikuntanathan, and Prashant Nalini Vasudevan. "Improvements to Secure Computation with Penalties." Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security CCS '16, 24-28 October, 2016, Vienna, Austria, ACM Press, 2016, pp. 406–17.

Version: Author's final manuscript

ISSN

978-1-4503-4139-4

Collections

MIT Open Access Articles

DSpace@MIT