Secure Two-Party Computation with Fairness - A Necessary Design Principle View Full Text


Ontology type: schema:Chapter     


Chapter Info

DATE

2017-11-05

AUTHORS

Yehuda Lindell , Tal Rabin

ABSTRACT

Protocols for secure two-party computation enable a pair of mutually distrustful parties to carry out a joint computation of their private inputs without revealing anything but the output. One important security property that has been considered is that of fairness which guarantees that if one party learns the output then so does the other. In the case of two-party computation, fairness is not always possible, and in particular two parties cannot fairly toss a coin (Cleve, 1986). Despite this, it is actually possible to securely compute many two-party functions with fairness (Gordon et al., 2008 and follow-up work). However, all known two-party protocols that achieve fairness have the unique property that the effective input of the corrupted party is determined at an arbitrary point in the protocol. This is in stark contrast to almost all other known protocols that have an explicit fixed round at which the inputs are committed.In this paper, we ask whether or not the property of not having an input committal round is inherent for achieving fairness for two parties. In order to do so, we revisit the definition of security of Micali and Rogaway (Technical report, 1992), that explicitly requires the existence of such a committal round. We adapt the definition of Canetti in the two-party setting to incorporate the spirit of a committal round, and show that under such a definition, it is impossible to achieve fairness for any non-constant two-party function. This result deepens our understanding as to the type of protocol construction that is needed for achieving fairness. In addition, our result discovers a fundamental difference between the definition of security of Micali and Rogaway and that of Canetti (Journal of Cryptology, 2000) which has become the standard today. Specifically, many functions can be securely computed with fairness under the definition of Canetti but no non-constant function can be securely computed with fairness under the definition of Micali and Rogaway. More... »

PAGES

565-580

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-70500-2_19

DOI

http://dx.doi.org/10.1007/978-3-319-70500-2_19

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1092520005


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Deptartment of Computer Science, Bar-Ilan University, Ramat Gan, Israel", 
          "id": "http://www.grid.ac/institutes/grid.22098.31", 
          "name": [
            "Deptartment of Computer Science, Bar-Ilan University, Ramat Gan, Israel"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lindell", 
        "givenName": "Yehuda", 
        "id": "sg:person.013115472057.35", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013115472057.35"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "IBM T.J. Watson Research Center, New York, USA", 
          "id": "http://www.grid.ac/institutes/grid.481554.9", 
          "name": [
            "IBM T.J. Watson Research Center, New York, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Rabin", 
        "givenName": "Tal", 
        "id": "sg:person.015473523512.58", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2017-11-05", 
    "datePublishedReg": "2017-11-05", 
    "description": "Protocols for secure two-party computation enable a pair of mutually distrustful parties to carry out a joint computation of their private inputs without revealing anything but the output. One important security property that has been considered is that of fairness which guarantees that if one party learns the output then so does the other. In the case of two-party computation, fairness is not always possible, and in particular two parties cannot fairly toss a coin (Cleve, 1986). Despite this, it is actually possible to securely compute many two-party functions with fairness (Gordon et al., 2008 and follow-up work). However, all known two-party protocols that achieve fairness have the unique property that the effective input of the corrupted party is determined at an arbitrary point in the protocol. This is in stark contrast to almost all other known protocols that have an explicit fixed round at which the inputs are committed.In this paper, we ask whether or not the property of not having an input committal round is inherent for achieving fairness for two parties. In order to do so, we revisit the definition of security of Micali and Rogaway (Technical report, 1992), that explicitly requires the existence of such a committal round. We adapt the definition of Canetti in the two-party setting to incorporate the spirit of a committal round, and show that under such a definition, it is impossible to achieve fairness for any non-constant two-party function. This result deepens our understanding as to the type of protocol construction that is needed for achieving fairness. In addition, our result discovers a fundamental difference between the definition of security of Micali and Rogaway and that of Canetti (Journal of Cryptology, 2000) which has become the standard today. Specifically, many functions can be securely computed with fairness under the definition of Canetti but no non-constant function can be securely computed with fairness under the definition of Micali and Rogaway.", 
    "editor": [
      {
        "familyName": "Kalai", 
        "givenName": "Yael", 
        "type": "Person"
      }, 
      {
        "familyName": "Reyzin", 
        "givenName": "Leonid", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-70500-2_19", 
    "inLanguage": "en", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-319-70499-9", 
        "978-3-319-70500-2"
      ], 
      "name": "Theory of Cryptography", 
      "type": "Book"
    }, 
    "keywords": [
      "definition of security", 
      "parties", 
      "fairness", 
      "stark contrast", 
      "security", 
      "definition", 
      "rounds", 
      "spirit", 
      "fundamental differences", 
      "today", 
      "two-party computation", 
      "effective input", 
      "understanding", 
      "construction", 
      "standard today", 
      "coins", 
      "Canetti", 
      "principles", 
      "private inputs", 
      "important security properties", 
      "paper", 
      "two-party setting", 
      "setting", 
      "two-party protocol", 
      "distrustful parties", 
      "joint computation", 
      "security properties", 
      "order", 
      "existence", 
      "necessary design principles", 
      "cases", 
      "point", 
      "Micali", 
      "Rogaway", 
      "protocol construction", 
      "design principles", 
      "computation", 
      "differences", 
      "Secure", 
      "protocol", 
      "output", 
      "input", 
      "contrast", 
      "results", 
      "types", 
      "arbitrary point", 
      "addition", 
      "function", 
      "non-constant function", 
      "pairs", 
      "properties", 
      "unique properties"
    ], 
    "name": "Secure Two-Party Computation with Fairness - A Necessary Design Principle", 
    "pagination": "565-580", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1092520005"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-70500-2_19"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-70500-2_19", 
      "https://app.dimensions.ai/details/publication/pub.1092520005"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-20T07:47", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_395.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-319-70500-2_19"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-70500-2_19'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-70500-2_19'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-70500-2_19'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-70500-2_19'


 

This table displays all metadata directly associated to this object as RDF triples.

127 TRIPLES      23 PREDICATES      77 URIs      70 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-319-70500-2_19 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author N44e599941280455e8b4e8bf40ab240d9
4 schema:datePublished 2017-11-05
5 schema:datePublishedReg 2017-11-05
6 schema:description Protocols for secure two-party computation enable a pair of mutually distrustful parties to carry out a joint computation of their private inputs without revealing anything but the output. One important security property that has been considered is that of fairness which guarantees that if one party learns the output then so does the other. In the case of two-party computation, fairness is not always possible, and in particular two parties cannot fairly toss a coin (Cleve, 1986). Despite this, it is actually possible to securely compute many two-party functions with fairness (Gordon et al., 2008 and follow-up work). However, all known two-party protocols that achieve fairness have the unique property that the effective input of the corrupted party is determined at an arbitrary point in the protocol. This is in stark contrast to almost all other known protocols that have an explicit fixed round at which the inputs are committed.In this paper, we ask whether or not the property of not having an input committal round is inherent for achieving fairness for two parties. In order to do so, we revisit the definition of security of Micali and Rogaway (Technical report, 1992), that explicitly requires the existence of such a committal round. We adapt the definition of Canetti in the two-party setting to incorporate the spirit of a committal round, and show that under such a definition, it is impossible to achieve fairness for any non-constant two-party function. This result deepens our understanding as to the type of protocol construction that is needed for achieving fairness. In addition, our result discovers a fundamental difference between the definition of security of Micali and Rogaway and that of Canetti (Journal of Cryptology, 2000) which has become the standard today. Specifically, many functions can be securely computed with fairness under the definition of Canetti but no non-constant function can be securely computed with fairness under the definition of Micali and Rogaway.
7 schema:editor Nf4b51ecd4fb94c08964b317c7135f610
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree false
11 schema:isPartOf Nf99782b4ee6b45bba378a8b3eec33ca1
12 schema:keywords Canetti
13 Micali
14 Rogaway
15 Secure
16 addition
17 arbitrary point
18 cases
19 coins
20 computation
21 construction
22 contrast
23 definition
24 definition of security
25 design principles
26 differences
27 distrustful parties
28 effective input
29 existence
30 fairness
31 function
32 fundamental differences
33 important security properties
34 input
35 joint computation
36 necessary design principles
37 non-constant function
38 order
39 output
40 pairs
41 paper
42 parties
43 point
44 principles
45 private inputs
46 properties
47 protocol
48 protocol construction
49 results
50 rounds
51 security
52 security properties
53 setting
54 spirit
55 standard today
56 stark contrast
57 today
58 two-party computation
59 two-party protocol
60 two-party setting
61 types
62 understanding
63 unique properties
64 schema:name Secure Two-Party Computation with Fairness - A Necessary Design Principle
65 schema:pagination 565-580
66 schema:productId N21cd58aad00e48788230d6a6952b5ece
67 Nff6269ee61fb4b509918dbd202ce5380
68 schema:publisher N0e8ef8a9f153443dae89f8961ad0bdac
69 schema:sameAs https://app.dimensions.ai/details/publication/pub.1092520005
70 https://doi.org/10.1007/978-3-319-70500-2_19
71 schema:sdDatePublished 2022-05-20T07:47
72 schema:sdLicense https://scigraph.springernature.com/explorer/license/
73 schema:sdPublisher N10db922865054fe584de499c819b22a8
74 schema:url https://doi.org/10.1007/978-3-319-70500-2_19
75 sgo:license sg:explorer/license/
76 sgo:sdDataset chapters
77 rdf:type schema:Chapter
78 N0e8ef8a9f153443dae89f8961ad0bdac schema:name Springer Nature
79 rdf:type schema:Organisation
80 N10db922865054fe584de499c819b22a8 schema:name Springer Nature - SN SciGraph project
81 rdf:type schema:Organization
82 N21cd58aad00e48788230d6a6952b5ece schema:name dimensions_id
83 schema:value pub.1092520005
84 rdf:type schema:PropertyValue
85 N26f5cdd6c8644162bfc0f0d896f56a28 rdf:first N6eddd7162b5b46fb98ea3037acdbbe77
86 rdf:rest rdf:nil
87 N44e599941280455e8b4e8bf40ab240d9 rdf:first sg:person.013115472057.35
88 rdf:rest N4cd4f11addf64c8ea1bf3d156daf3411
89 N4cd4f11addf64c8ea1bf3d156daf3411 rdf:first sg:person.015473523512.58
90 rdf:rest rdf:nil
91 N6eddd7162b5b46fb98ea3037acdbbe77 schema:familyName Reyzin
92 schema:givenName Leonid
93 rdf:type schema:Person
94 Nf4b51ecd4fb94c08964b317c7135f610 rdf:first Nfbd3f7de0e2048329ae28331a35c3df3
95 rdf:rest N26f5cdd6c8644162bfc0f0d896f56a28
96 Nf99782b4ee6b45bba378a8b3eec33ca1 schema:isbn 978-3-319-70499-9
97 978-3-319-70500-2
98 schema:name Theory of Cryptography
99 rdf:type schema:Book
100 Nfbd3f7de0e2048329ae28331a35c3df3 schema:familyName Kalai
101 schema:givenName Yael
102 rdf:type schema:Person
103 Nff6269ee61fb4b509918dbd202ce5380 schema:name doi
104 schema:value 10.1007/978-3-319-70500-2_19
105 rdf:type schema:PropertyValue
106 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
107 schema:name Information and Computing Sciences
108 rdf:type schema:DefinedTerm
109 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
110 schema:name Data Format
111 rdf:type schema:DefinedTerm
112 sg:person.013115472057.35 schema:affiliation grid-institutes:grid.22098.31
113 schema:familyName Lindell
114 schema:givenName Yehuda
115 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013115472057.35
116 rdf:type schema:Person
117 sg:person.015473523512.58 schema:affiliation grid-institutes:grid.481554.9
118 schema:familyName Rabin
119 schema:givenName Tal
120 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58
121 rdf:type schema:Person
122 grid-institutes:grid.22098.31 schema:alternateName Deptartment of Computer Science, Bar-Ilan University, Ramat Gan, Israel
123 schema:name Deptartment of Computer Science, Bar-Ilan University, Ramat Gan, Israel
124 rdf:type schema:Organization
125 grid-institutes:grid.481554.9 schema:alternateName IBM T.J. Watson Research Center, New York, USA
126 schema:name IBM T.J. Watson Research Center, New York, USA
127 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...