Fair Exchange of Secrets (extended abstract)

We consider two problems which arose in the context of “The Exchange of Secret Keys” (see [1]). (1).In the original protocol, one party may halt the exchange and have a 2 to 1 expected time advantage in computing the other party’s secret. To solve this problem, when there is a particular point in the exchange where this time advantage may be critical, we presented at CRYPTO 83 (see [5]), a method for exchanging “fractions” of a single bit.In this paper we extend the method so as to apply it to all bits to be exchanged, and show how it can be used in a more abstract setting (as in [2]).(2).We also present a solution to the problem of how to ensure a fair exchange of secrets when one party in the exchange is “risk seeking”, while the other is “risk-adverse”.